#497 closed task (wontfix)

we should sign the .debs published through our APT repository

Reported by: warner Owned by: somebody
Priority: major Milestone: eventually
Component: dev-infrastructure Version: 1.2.0
Keywords: security install Cc:
Launchpad Bug:


For both our internal server operations folks, and for the community at large, we should really have some sort of signature on the .debs that we create. Users could then add the allmydata key to their APT keyring and be less vulnerable to a compromised mirror.

Change History (3)

comment:1 Changed at 2008-08-06T19:42:45Z by warner

zandr points out that, once the debs are signed, you use "apt-key add FILENAME" to add a new public key to the trusted ring. "apt-key list" shows the currently trusted keys.

comment:2 Changed at 2010-03-25T01:23:44Z by davidsarah

  • Keywords security install added
  • Milestone changed from undecided to eventually

comment:3 Changed at 2011-12-21T04:29:54Z by warner

  • Resolution set to wontfix
  • Status changed from new to closed

We stopped creating and shipping .debs, leaving that to the debian/ubuntu maintainers. So we can close this as WONTFIX.

Note: See TracTickets for help on using tickets.