Uploader no signe

Asked by NetBit73

Why my packages doesn't signed in my repository: https://launchpad.net/~netext/+archive/ubuntu/testing/+packages
I have OpenPGP key, but they aren't signed. What is wrong?

Question information

Language:
English Edit question
Status:
Answered
For:
Launchpad itself Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Colin Watson (cjwatson) said :
#1

Short answer: nothing is wrong.

Long answer:

The archive as a whole is signed with a key generated by Launchpad; that is the main way that users trust package downloads.

Individual source packages (.dsc files) are only signed if they were created and uploaded directly by you. Almost all of the source packages in that archive were instead created by way of recipe builds. Launchpad only has your public key, not your private key (it's private to you!) and so cannot sign source packages on your behalf. However, since they're all being passed around inside our infrastructure, a signature isn't necessary in that case. The archive signature is sufficient for anyone using apt with deb-src lines to fetch source packages from your PPA.

Individual binary packages aren't signed at all. The facility does exist, but there isn't much point since the archive signature is sufficient for anyone using apt to install packages from your PPA; and, as above, Launchpad wouldn't be able to sign anything with your private key anyway.

Can you help with this problem?

Provide an answer of your own, or ask NetBit73 for more information if necessary.

To post a message you must log in.