Re: RFC: Signed packages and translations

To: debian-devel@lists.debian.org
Subject: Re: RFC: Signed packages and translations
From: Christian Kurz <shorty@debian.org>
Date: Sat, 1 Sep 2001 10:32:35 +0200
Message-id: <[🔎] 20010901103235.A6527@salem.getuid.de>
Mail-followup-to: debian-devel@lists.debian.org
In-reply-to: <[🔎] 20010901163140.D20488@svana.org>
References: <[🔎] Pine.LNX.4.31.0109010754430.29641-200000@phobos.fachschaften.tu-muenchen.de> <[🔎] 20010901163140.D20488@svana.org>

On 01-09-01 Martijn van Oosterhout wrote:
> Just a couple of ideas. Looks good...
> If we don't want that then I have another idea. Replace the whole .tar.gz
> extension with .sig.

And then you have lots of people just trying to check that file with gpg
since it will be signed. But I think that not many people will notice
that this is still a archive file that they can extract by using tar xzf
instead of gpg to verify it. Replacing whole file-names like this, is in
my opinion a very bad idea.

Christian
-- 
           Debian Developer (http://www.debian.org)
1024/26CC7853 31E6 A8CA 68FC 284F 7D16  63EC A9E6 67FF 26CC 7853

Attachment: pgpxltRR7ccWs.pgp
Description: PGP signature

Reply to:

References:
- RFC: Signed packages and translations
  - From: Simon Richter <sjr@debian.org>
- Re: RFC: Signed packages and translations
  - From: Martijn van Oosterhout <kleptog@svana.org>

Prev by Date: Re: libgal sonames
Next by Date: Re: RFC: Signed packages and translations
Previous by thread: Re: RFC: Signed packages and translations
Next by thread: Re: RFC: Signed packages and translations
Index(es):
- Date
- Thread