Part one in questions I'm too afraid to ask. If a .deb is signed with gpg, does that make the whole file encrypted, or just prove it's from a trusted source/ match a specific hash...?

@rev_mook A signed file only ensures that someone has the key that was used for the signature.
You can assume that the person mentioned in the signature did it. If you trust that person is a different problem.
Nothing is encrypted.

@rev_mook iirc just shows the file is from a trusted repo. thats how gpg works. you cant encrypt the thing with gpg, just sign against it, also iirc.

Sign in to participate in the conversation

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!