Linux live CD with Pidgin?

Richard Laager rlaager at
Mon Feb 16 20:40:55 EST 2009

On Mon, 2009-02-16 at 20:06 -0500, Ethan Blanton wrote:
> This is dumb.  Why does Launchpad continue to make decisions like
> this, that suck?  (That's rhetorical.)

I realize you said this was rhetorical, but...

They build the binary packages (which are what are signed... or at least
their hashes). "I" only build the source package. Therefore, absent some
additional step, I can't sign the binary packages. And really, even if
such an option existed, *should* I sign them?

I'm not sure this is really any different from "real" (i.e. distro)
repositories. In the case of Debian... a Debian Developer would sign the
binary package they upload, but the build servers build the packages for
all the other architectures. And, in the end, the archive's package list
file is signed by a "Debian Archive Automatic Signing Key", which is all
that is trusted by the client.

> Can the packages at least
> have *multiple* signatures, so we can get your signature plus their
> signature on it?  (I'm not familiar enough with .deb signing to know
> if this is even possible in the package format.)

Launchpad doesn't support this, to my knowledge. That said, it may be
a .deb/apt restriction, as you said.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: This is a digitally signed message part
URL: <>

More information about the Devel mailing list