Package and image signatures
kalle.happonen at iki.fi
Thu Jul 17 07:26:01 CEST 2008
would it be possible to add signatures for the packages and hashes for
the images? The latter one should be easy and it could be pretty much
automated in the build process. I agree that it doesn't help much, but
it would stop some of possible malicious repo tampering. I'm not saying
it will happen, but they got Ubuntu too so it's always a possibility :)..
Having package signatures is a bit more work, at least if you want to do
it well and securely, but I think this would be importat at latest when
openmoko starts getting mirrors, just to make sure users get correct
versions of software.
More information about the community