|
| From: | Tom Lord |
| Subject: | Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch |
| Date: | Mon, 8 Dec 2003 07:59:52 -0800 (PST) |
> From: Thomas Zander <address@hidden>
> The external file-signing method that you proposed is only used
> for whole files. With that I mean the compressed versions. Its
> not really good to sign the content of the tar with a file that
> is not _inside_ the tar itself since that means gpg --verify
> will not work.
Is there something wrong with `--verify SIGFILE FILES'? Standard
Savannah/GNU practice for signing FTP sites is to use detached
signatures.
-t
| [Prev in Thread] | Current Thread | [Next in Thread] |