Hi, Glenn McGrath wrote: > It would only need to sign the control.tar.gz as the contents of the > data.tar.gz could be verified from the ./md5sums within control.tar.gz That's true, but AFAIR the md5sums-file is optional. If we want to use it to verify the contents of data.tar.gz it must be required by the policy. - Alexander -- "fighting for peace is like fucking for virginity"
Attachment:
pgpWeXBUVvvr8.pgp
Description: PGP signature