aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJoshua M. Boniface <joshua@boniface.me>2024-05-01 17:06:01 -0400
committerJoshua M. Boniface <joshua@boniface.me>2024-05-01 17:06:01 -0400
commit76ad06ec95a7d80a21b3572fc0d85df681dcd6d6 (patch)
tree4eee726497e3548f23046a7b750635203392586e
parentAdd Debian package and dsc signing with repo key (diff)
downloadjellyfin-packaging-76ad06ec95a7d80a21b3572fc0d85df681dcd6d6.tar.gz
jellyfin-packaging-76ad06ec95a7d80a21b3572fc0d85df681dcd6d6.tar.bz2
jellyfin-packaging-76ad06ec95a7d80a21b3572fc0d85df681dcd6d6.zip
Clarify debsig-verify status
-rw-r--r--README.md2
1 files changed, 1 insertions, 1 deletions
diff --git a/README.md b/README.md
index adfdcf5..e716879 100644
--- a/README.md
+++ b/README.md
@@ -190,7 +190,7 @@ Inside this repository are 7 major components:
* Signing of Debian packages with `debsigs`.
- This was suggested in https://github.com/jellyfin/jellyfin-packaging/issues/14 and was not something we had ever done, but has become trivial with this CI. This alows for the end-user verification of the ownership and integrity of the binary `.deb` files obtained from the repository with the `debsigs-verify` command and the policy detailed in that issue. We can also integrate this automatically into our installer script and documented process.
+ This was suggested in https://github.com/jellyfin/jellyfin-packaging/issues/14 and was not something we had ever done, but has become trivial with this CI. This alows for the end-user verification of the ownership and integrity of manually downloaded binary `.deb` files obtained from the repository with the `debsigs-verify` command and the policy detailed in that issue. Note that since Debian as a whole (i.e. `dpkg`, `apt`, etc.) does not enforce package signing at this time, enabling this for the *repository* is not possible; conventional repository signatures (using the same signing key) are considered sufficient.
### Docker
bgstack15