

debsign is a tool from the devscripts package that allows you to sign a package with your GPG key.

It will sign the .dsc file, and also a .changes file if you want, making sure that the information within them is still correct (i.e. the sizes recorded reflect the size increase that comes from adding a signature).
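Why that refresh matters, as an added example (not code from debsign or devscripts): signing the .dsc changes its bytes, so the size and hash recorded for it in the .changes file go stale until they are rewritten. The file names, the sample contents and the `fake_clearsign` stand-in for a real GPG clearsign are constructed for illustration, and only the `Checksums-Sha256` field is modelled.

```python
import hashlib

def parse_checksums(changes_text):
    """Return {filename: (sha256, size)} from the Checksums-Sha256 field."""
    entries, in_field = {}, False
    for line in changes_text.splitlines():
        if line.startswith("Checksums-Sha256:"):
            in_field = True
        elif in_field and line.startswith(" "):
            digest, size, name = line.split()
            entries[name] = (digest, int(size))
        else:
            in_field = False
    return entries

def stale_entries(changes_text, files):
    """Names whose recorded size or SHA-256 no longer matches the file bytes."""
    stale = []
    for name, (digest, size) in parse_checksums(changes_text).items():
        data = files[name]
        if len(data) != size or hashlib.sha256(data).hexdigest() != digest:
            stale.append(name)
    return stale

def changes_for(files):
    """Build a minimal (constructed) .changes body listing the given files."""
    lines = ["Format: 1.8", "Source: hello", "Checksums-Sha256:"]
    lines += [f" {hashlib.sha256(d).hexdigest()} {len(d)} {n}"
              for n, d in sorted(files.items())]
    return "\n".join(lines) + "\n"

def fake_clearsign(data):
    """Stand-in for a GPG clearsign: armor headers plus a placeholder signature."""
    return (b"-----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA512\n\n" + data +
            b"-----BEGIN PGP SIGNATURE-----\n\nCONSTRUCTED-PLACEHOLDER\n"
            b"-----END PGP SIGNATURE-----\n")

# Constructed sample: one unsigned .dsc as produced by an unsigned build.
UNSIGNED = {"hello_1.0-1.dsc": b"Format: 3.0 (quilt)\nSource: hello\nVersion: 1.0-1\n"}

def demo():
    changes = changes_for(UNSIGNED)                  # written before signing
    before = stale_entries(changes, UNSIGNED)        # consistent: nothing stale
    signed = {n: fake_clearsign(d) for n, d in UNSIGNED.items()}
    after_sign = stale_entries(changes, signed)      # .dsc grew, entry is stale
    refreshed = stale_entries(changes_for(signed), signed)  # rewritten entries
    return before, after_sign, refreshed

if __name__ == "__main__":
    print(demo())
```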

Various tools can then check the signature when they act on a package and so provide some assurance about who made or distributed the package.

dpkg-buildpackage can also sign the files, but it can be more convenient to turn that off and use debsign instead, so that you don't have to sign the packages on every build, but only sign the packages you release.