Why is a separate signing key in use? When I create my mirror, the GPG signatures are inclided as well, and so it verifies properly out-of-the-box. Does the mirror need another signing key because it modifies some official Ubuntu packages? Or can this approach be used?
Why is a separate signing key in use? When I create my mirror, the GPG signatures are inclided as well, and so it verifies properly out-of-the-box. Does the mirror need another signing key because it modifies some official Ubuntu packages? Or can this approach be used?