Question

I have a (paid) code signing certificate from Verisign/Symantec I use to sign my code in Windows.

Is it possible to use the same certificate to sign a Debian package? How do I get it into GPG?


Solution

debian uses a different model of trust, which is based on a web-of-trust of Debian developers (gpg), instead of commercial certificates (verisign,...).

so the answer is: no. you cannot simply use your verisign certificate to gpg-sign debian packages.

if you want to sign your debian packages, simply get yourself a gpg key, and use it to sign your packages. to have your users accept your signature, you have two options:

  • the private way

    • set up your own repository

      e.g. following How to setup a Debian Repository

    • sign the entire repository with your key

      gpg -abs -o Release.gpg Release

    • make your potential users install your key

      gpg --keyserver subkeys.pgp.net --recv-keys 7F7A36F8
      gpg -a --export 7F7A36F8 | sudo apt-key add -

    • and make them add your repository to their /etc/apt/sources.list.d

as you can see, this is rather complicated, and requires the users to trust you beforehand (rather than trusting verisign). if you think your users cannot be bothered with this, there is still:
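
The "private way" signing and verification steps above, run end to end as an added example that is not part of the original answer. It assumes GnuPG 2.x; the key identity, the Release contents and the two temporary home directories (standing in for the maintainer's and a user's machine, in place of the keyserver and `apt-key` steps) are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example. Key identity, Release contents and paths are constructed.
# Prints "ok rejected": the genuine Release verifies, the tampered one fails.
sign_and_verify_release() {
    local work maint user repo good=fail bad=accepted
    work=$(mktemp -d) || return 1
    maint="$work/maintainer" user="$work/user" repo="$work/repo"
    mkdir -m 700 "$maint" "$user" && mkdir "$repo" || return 1

    # Maintainer: throwaway key with an empty passphrase (demo only).
    gpg --homedir "$maint" --batch --quiet --pinentry-mode loopback \
        --passphrase '' --quick-generate-key \
        'Demo Repo <repo@example.invalid>' default default never \
        2>/dev/null || return 1

    # Constructed stand-in; a real Release lists hashes of the index files.
    printf 'Origin: demo\nSuite: stable\n' > "$repo/Release"

    # The answer's signing command: armored detached signature over Release.
    gpg --homedir "$maint" --batch --quiet -abs \
        -o "$repo/Release.gpg" "$repo/Release" 2>/dev/null || return 1

    # Only the public key leaves the maintainer's machine.
    gpg --homedir "$maint" --batch -a --export > "$work/demo-repo.asc"

    # User: a separate keyring that holds nothing but that public key.
    gpg --homedir "$user" --batch --quiet --import "$work/demo-repo.asc" \
        2>/dev/null || return 1
    gpg --homedir "$user" --batch --verify "$repo/Release.gpg" \
        "$repo/Release" 2>/dev/null && good=ok

    # One appended line must invalidate the signature.
    echo 'Suite: tampered' >> "$repo/Release"
    gpg --homedir "$user" --batch --verify "$repo/Release.gpg" \
        "$repo/Release" 2>/dev/null || bad=rejected

    gpgconf --homedir "$maint" --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
    echo "$good $bad"
}
```

On current Debian and Ubuntu releases `apt-key` is deprecated; the exported key file is instead stored as a keyring that the repository's sources entry references through the `signed-by` option.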

License: CC-BY-SA with attribution
Not affiliated with StackOverflow