just to clarify a bit, the release file of the repository needs to be signed, not the packages themselves.
just to clarify a bit, the release file of the repository needs to be signed, not the packages themselves.