next up previous contents index
Next: Getting Ready to Sign Up: Adding PGP Signatures to Previous: Adding PGP Signatures to   Contents   Index

Why Sign a Package?

The reason for signing a package is to provide authentication. With a signed package, it's possible for your user community to verify that the package they have was in your possession at some time and has not been changed since then. That ``not changed'' part is also a good reason to sign your packages, as digital signatures are a very robust way to guard against any modifications to the package.

Of course, as with anything else in life, adding a digital signature to a package isn't an ironclad guarantee that everything is right with the package, but it's about as sure a thing as humans can make it.

converted to HTML by Tim Riker