- the maintainer signature is stripped off, an MD5 sum of the package
- is computed and put in the Packages file. The MD5 sum of all of the
- packages files are then computed and put into the Release file. The
- Release file is then signed by the archive key (which is created
- once a year) and distributed through the FTP server. This key is
- also on the Debian keyring.
+ the maintainer signature is stripped off, and checksums of the package
+ are computed and put in the Packages file. The checksums of all of the
+ Packages files are then computed and put into the Release file. The
+ Release file is then signed by the archive key for this Debian release,
+ and distributed alongside the packages and the Packages files on
+ Debian mirrors. The keys are in the Debian archive keyring available in
+ the <package>debian-archive-keyring</package> package.