Re: RFC: Signed packages and translations

[Niklas Hoglund <niklas.hoglund@telia.com>]

On Sat, Sep 01, 2001 at 07:21:28PM +0200, Simon Richter wrote:
> On Sat, 1 Sep 2001, Christian Kurz wrote:
> > > not be ascii armored since this would only introduce transmission overhead
> > > and gain nothing. The file name for this file is constructed from the
> 
> > Why does it gain nothing? What about problems during transmission? The
> > ascii armor output which is protected by a crc checksum would help
> > notice such a transmission problem.

Have I misunderstood that a signature is a kind of checksum. What purpose
does adding a checksum to a checksum have? If the signature is invalid the
.deb should not be trusted, but thrown away and redownloaded.

> > >  - An end user can verify who built the .deb file.
> 
> > And how many developers does a end user personally know, so that he
> > trust them? In my humble opinion, this will not gain anything for the
> > end-users.

But it might be nice for developers.

-- 
                                                Niklas