If I'm reading comment #4 correctly, we could only ever sync from Debian and not make our own changes to have a trusted signature. I don't think that would work out. At the version least we need to be able to have different package revision numbers for different releases when we do updates.
It seems to me like if we are going to do this, we would need some kind of plan like we use for clamav:
If I'm reading comment #4 correctly, we could only ever sync from Debian and not make our own changes to have a trusted signature. I don't think that would work out. At the version least we need to be able to have different package revision numbers for different releases when we do updates.
It seems to me like if we are going to do this, we would need some kind of plan like we use for clamav:
https:/ /wiki.ubuntu. com/ClamavUpdat es
If the signing key issue is important, we'll also need a MOTU who's key is trusted by TOR.