[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: changes file format

ian@chiark.chu.cam.ac.uk said:
> It's important that the distribution channels for the MD5 checksum 
> information and the files themselves remain separate.  (For this 
> reason I think that putting the MD5 checksums in the Incoming 
> directory itself is bad - there should be a separate administrative 
> directory.)

This is why I had proposed to PGP-sign the .changes files as a method of
verifying their authenticity. The program that processed the .changes files
would check them against the purported author's public key.

If I understand you correctly, you are proposing to have a write-only upload
directory for the .changes files .


Reply to: