Package and image signatures

Kalle Happonen kalle.happonen at
Thu Jul 17 07:26:01 CEST 2008

would it be possible to add signatures for the packages and hashes for 
the images? The latter one should be easy and it could be pretty much 
automated in the build process. I agree that it doesn't help much, but 
it would stop some of possible malicious repo tampering. I'm not saying 
it will happen, but they got Ubuntu too so it's always a possibility :)..

Having package signatures is a bit more work, at least if you want to do 
it well and securely, but I think this would be importat at latest when 
openmoko starts getting mirrors, just to make sure users get correct 
versions of software.


More information about the community mailing list