Comment 25 for bug 125103

alsuren (alsuren) wrote :

@Holy Cheater:
I have updated the description. Please read Colin Wilson's first comment, and if you can think how his attack would fail, outline it here. I think we would all like to go for the simplest solution that is safe. If someone can prove that using a single key is safe, it would save the developers a lot of effort.

The whole point of signed archives is for users to place their trust in developers, so they don't *have* to individually check each package. If Debian didn't consider this important, they would have opted for simple md5sums.