diff options
| author | Joshua M. Boniface <joshua@boniface.me> | 2024-05-01 17:06:01 -0400 |
|---|---|---|
| committer | Joshua M. Boniface <joshua@boniface.me> | 2024-05-01 17:06:01 -0400 |
| commit | 76ad06ec95a7d80a21b3572fc0d85df681dcd6d6 (patch) | |
| tree | 4eee726497e3548f23046a7b750635203392586e /README.md | |
| parent | Add Debian package and dsc signing with repo key (diff) | |
| download | jellyfin-packaging-76ad06ec95a7d80a21b3572fc0d85df681dcd6d6.tar.gz jellyfin-packaging-76ad06ec95a7d80a21b3572fc0d85df681dcd6d6.tar.bz2 jellyfin-packaging-76ad06ec95a7d80a21b3572fc0d85df681dcd6d6.zip | |
Clarify debsig-verify status
Diffstat (limited to 'README.md')
| -rw-r--r-- | README.md | 2 |
1 files changed, 1 insertions, 1 deletions
@@ -190,7 +190,7 @@ Inside this repository are 7 major components: * Signing of Debian packages with `debsigs`. - This was suggested in https://github.com/jellyfin/jellyfin-packaging/issues/14 and was not something we had ever done, but has become trivial with this CI. This alows for the end-user verification of the ownership and integrity of the binary `.deb` files obtained from the repository with the `debsigs-verify` command and the policy detailed in that issue. We can also integrate this automatically into our installer script and documented process. + This was suggested in https://github.com/jellyfin/jellyfin-packaging/issues/14 and was not something we had ever done, but has become trivial with this CI. This alows for the end-user verification of the ownership and integrity of manually downloaded binary `.deb` files obtained from the repository with the `debsigs-verify` command and the policy detailed in that issue. Note that since Debian as a whole (i.e. `dpkg`, `apt`, etc.) does not enforce package signing at this time, enabling this for the *repository* is not possible; conventional repository signatures (using the same signing key) are considered sufficient. ### Docker |