bug#47634: Accompany .asc and .DIGESTS keys for the ISO

bug-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

bug#47634: Accompany .asc and .DIGESTS keys for the ISO

From:	Carlo Zancanaro
Subject:	bug#47634: Accompany .asc and .DIGESTS keys for the ISO
Date:	Fri, 09 Apr 2021 08:57:00 +1000
User-agent:	K-9 Mail for Android

On 9 April 2021 3:34:20 am AEST, bo0od <bo0od@riseup.net> wrote:
>This is nicely written by Qubes documentation:
>
>https://www.qubes-os.org/security/verifying-signatures/

From that page:

> If you’ve already verified the signatures on the ISO directly, then verifying 
> digests is not necessary.

Which implies that the signatures are sufficient, right?

What is the benefit to providing the key (.asc) and hashes (.DIGESTS)? The page 
you linked provides rationale for providing and checking digital signatures, 
but we already provide them.

Carlo

[Prev in Thread]

Current Thread

[Next in Thread]

bug#47634: Accompany .asc and .DIGESTS keys for the ISO, bo0od, 2021/04/07
- bug#47634: Accompany .asc and .DIGESTS keys for the ISO, Leo Famulari, 2021/04/08
  - bug#47634: Accompany .asc and .DIGESTS keys for the ISO, bo0od, 2021/04/08
    - bug#47634: Accompany .asc and .DIGESTS keys for the ISO, Carlo Zancanaro <=
    - bug#47634: Accompany .asc and .DIGESTS keys for the ISO, bo0od, 2021/04/09
    - bug#47634: Accompany .asc and .DIGESTS keys for the ISO, Carlo Zancanaro, 2021/04/09
    - bug#47634: Accompany .asc and .DIGESTS keys for the ISO, bo0od, 2021/04/10
    - bug#47634: Accompany .asc and .DIGESTS keys for the ISO, Ludovic Courtès, 2021/04/18

Prev by Date: bug#42129: guix-install.sh does not add build users to kvm group
Next by Date: bug#42129: guix-install.sh does not add build users to kvm group
Previous by thread: bug#47634: Accompany .asc and .DIGESTS keys for the ISO
Next by thread: bug#47634: Accompany .asc and .DIGESTS keys for the ISO
Index(es):
- Date
- Thread