From 76ad06ec95a7d80a21b3572fc0d85df681dcd6d6 Mon Sep 17 00:00:00 2001
From: "Joshua M. Boniface" <joshua@boniface.me>
Date: Wed, 1 May 2024 17:06:01 -0400
Subject: Clarify debsig-verify status

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'README.md')

diff --git a/README.md b/README.md
index adfdcf5..e716879 100644
--- a/README.md
+++ b/README.md
@@ -190,7 +190,7 @@ Inside this repository are 7 major components:
 
 * Signing of Debian packages with `debsigs`.
 
-   This was suggested in https://github.com/jellyfin/jellyfin-packaging/issues/14 and was not something we had ever done, but has become trivial with this CI. This alows for the end-user verification of the ownership and integrity of the binary `.deb` files obtained from the repository with the `debsigs-verify` command and the policy detailed in that issue. We can also integrate this automatically into our installer script and documented process.
+   This was suggested in https://github.com/jellyfin/jellyfin-packaging/issues/14 and was not something we had ever done, but has become trivial with this CI. This alows for the end-user verification of the ownership and integrity of manually downloaded binary `.deb` files obtained from the repository with the `debsigs-verify` command and the policy detailed in that issue. Note that since Debian as a whole (i.e. `dpkg`, `apt`, etc.) does not enforce package signing at this time, enabling this for the *repository* is not possible; conventional repository signatures (using the same signing key) are considered sufficient.
 
 ### Docker
 
-- 
cgit