debinstall #50200 consider using debsign instead of raw gpg call [rejected]
debsign make the "gpg --verify" and will provide a way to resign immediately if need. Moreover, debsign take care of the logic in order to sign changes and dsc at the same time.
So, the packages will be signed only at the right time, ie in the upload process. The gain will be to known exactly which fellow has uploaded a given package.
|closed by||<not specified>|