Debian archive signatures


The Debian archive has a chain of MD5 sums that tie a package to a release:

a Release file has the MD5 of a Packages file
the Packages file has MD5 sums of all packages

By signing the Release file a package can be traced to an archive maintainer.

This system relies on always having access to the Package and Release files.