- the maintainer signature is stripped off, an MD5 sum of the package
- is computed and put in the Packages file. The MD5 sum of all of the
- packages files are then computed and put into the Release file. The
- Release file is then signed by the archive key (which is created
- once a year and distributed through the FTP server. This key is
- also on the Debian keyring.
+ the maintainer signature is stripped off, and checksums of the package
+ are computed and put in the Packages file. The checksums of all of the
+ Packages files are then computed and put into the Release file. The
+ Release file is then signed by the archive key for this &keyring-distro; release,
+ and distributed alongside the packages and the Packages files on
+ &keyring-distro; mirrors. The keys are in the &keyring-distro; archive keyring
+ available in the &keyring-package; package.