Re: [Gnu-arch-users] Re: signatures and checking

From: Robert Collins
Subject: Re: [Gnu-arch-users] Re: signatures and checking
Date: Tue, 27 Jan 2004 20:46:58 +1100

On Tue, 2004-01-27 at 14:24, Tom Lord wrote:
> If my archive is bitwise-identical to yours, and you have checked
> signatures, and I trust that you've checked signatures, then I don't
> need to check signatures.
>
> That means that what you (the signature checker) see for checksum data
> and what I (the non-signature checker) see for that data must be the
> same.
Which means you cannot use clearsigned signatures. They will alter lines
in the body to prevent the end of signature being incorrectly
identified.

Choose one:
 - use gpg to extract signed data
 - use detached signatures.

I think that using gpg to extract signed data is not a big hurdle. gpg
is very portable (to every platform tla is AFAIK).
Rob
--
GPG key available at: <http://www.robertcollins.net/keys.txt>.
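
Added example, not part of the original message and not tla or gpg code: the OpenPGP cleartext signature framework dash-escapes body lines that start with "-", which is the alteration the reply refers to. The Python below applies that rule to a constructed payload and compares checksums of the original data, the body as stored in the clearsigned file, and the data after extraction; the payload, the placeholder signature and all function names are assumptions made for the illustration.

```python
import hashlib

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"

# Constructed sample payload (not a real tla checksum file). Two lines start
# with '-', one of them identical to the signature armor header.
ORIGINAL = "\n".join([
    "checksums for a constructed revision",
    "--- files ---",
    "md5 log 00000000000000000000000000000000",
    BEGIN_SIG,
    "end of checksums",
])

def dash_escape(text):
    """Prefix '- ' to every line starting with '-', as clearsigning does."""
    return "\n".join("- " + l if l.startswith("-") else l for l in text.split("\n"))

def clearsign_frame(text):
    """Build the cleartext framing only; the signature is a placeholder, no crypto."""
    return "\n".join([BEGIN_MSG, "Hash: SHA1", "", dash_escape(text),
                      BEGIN_SIG, "", "(placeholder, not a real signature)",
                      "-----END PGP SIGNATURE-----", ""])

def stored_body(framed):
    """Body lines exactly as stored in the clearsigned file."""
    lines = framed.split("\n")
    start = lines.index("", lines.index(BEGIN_MSG)) + 1  # armor headers end at first empty line
    end = lines.index(BEGIN_SIG, start)  # unambiguous only because the body is escaped
    return "\n".join(lines[start:end])

def extract_signed_data(framed):
    """Undo dash-escaping to recover the data that was signed."""
    return "\n".join(l[2:] if l.startswith("- ") else l
                     for l in stored_body(framed).split("\n"))

def sha256(text):
    return hashlib.sha256(text.encode()).hexdigest()

if __name__ == "__main__":
    framed = clearsign_frame(ORIGINAL)
    print("original :", sha256(ORIGINAL))
    print("stored   :", sha256(stored_body(framed)))
    print("extracted:", sha256(extract_signed_data(framed)))
```

With a detached signature the data file is never rewritten, so its checksum is the same for a reader who verifies the signature and one who does not.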