Re: RFC: Signed packages and translations
On Sat, Sep 01, 2001 at 07:21:28PM +0200, Simon Richter wrote:
> On Sat, 1 Sep 2001, Christian Kurz wrote:
> > > not be ascii armored since this would only introduce transmission overhead
> > > and gain nothing. The file name for this file is constructed from the
>
> > Why does it gain nothing? What about problems during transmission? The
> > ascii armor output which is protected by a crc checksum would help
> > notice such a transmission problem.
Have I misunderstood that a signature is a kind of checksum? What purpose
does adding a checksum to a checksum have? If the signature is invalid the
.deb should not be trusted, but thrown away and redownloaded.
> > > - An end user can verify who built the .deb file.
>
> > And how many developers does an end user personally know, so that he
> > trusts them? In my humble opinion, this will not gain anything for the
> > end-users.
But it might be nice for developers.
--
Niklas
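
Added example, not part of the message above or of any Debian tooling: the CRC-24 that OpenPGP ASCII armor (RFC 4880, section 6.1) appends, showing that it covers only the armored signature bytes and what the armor costs in size. The sample signature bytes are constructed, the function names are illustrative, and treating a missing CRC line as damage is an assumption of this sketch.

```python
import base64

CRC24_INIT, CRC24_POLY = 0xB704CE, 0x1864CFB  # constants from RFC 4880, section 6.1
BEGIN, END = "-----BEGIN PGP SIGNATURE-----", "-----END PGP SIGNATURE-----"

def crc24(data: bytes) -> int:
    """CRC-24 as used by OpenPGP ASCII armor."""
    crc = CRC24_INIT
    for byte in data:
        crc ^= byte << 16
        for _ in range(8):
            crc <<= 1
            if crc & 0x1000000:
                crc ^= CRC24_POLY
    return crc & 0xFFFFFF

def armor(sig: bytes) -> str:
    """Wrap binary signature bytes in armor; the CRC covers only these bytes, not the .deb."""
    body = base64.b64encode(sig).decode()
    lines = [body[i:i + 64] for i in range(0, len(body), 64)]
    check = base64.b64encode(crc24(sig).to_bytes(3, "big")).decode()
    return "\n".join([BEGIN, "", *lines, "=" + check, END]) + "\n"

def dearmor(text: str) -> bytes:
    """Return the binary signature, raising ValueError on damaged armor."""
    lines = [line.strip() for line in text.strip().splitlines()]
    if len(lines) < 5 or lines[0] != BEGIN or lines[-1] != END or "" not in lines:
        raise ValueError("not an armored signature")
    body = lines[lines.index("") + 1:-1]  # skip optional armor headers
    if len(body) < 2 or len(body[-1]) != 5 or body[-1][0] != "=":
        raise ValueError("missing CRC-24 line")
    data = base64.b64decode("".join(body[:-1]), validate=True)
    want = int.from_bytes(base64.b64decode(body[-1][1:], validate=True), "big")
    if crc24(data) != want:
        raise ValueError("CRC-24 mismatch: armor damaged in transit")
    return data

def armor_intact(text: str) -> bool:
    try:
        dearmor(text)
        return True
    except ValueError:  # binascii.Error is a ValueError subclass
        return False

if __name__ == "__main__":
    sig = bytes(range(70))  # constructed stand-in for a binary detached signature
    text = armor(sig)
    damaged = text.replace("AAEC", "BAEC", 1)  # simulate one corrupted character
    print(armor_intact(text), armor_intact(damaged), len(text) - len(sig))
```

The CRC only reports that the armored signature was altered in transit; whether the .deb itself is intact and who built it is decided by verifying the signature.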