[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [RFH] The need for signed packages and signed Releases (long, long)


Glenn McGrath wrote:
> It would only need to sign the control.tar.gz as the contents of the
> data.tar.gz could be verified from the ./md5sums within control.tar.gz

That's true, but AFAIR the md5sums-file is optional. If we want to use
it to verify the contents of data.tar.gz it must be required by the

- Alexander

"fighting for peace is like fucking for virginity"

Attachment: pgp0oeODtUml_.pgp
Description: PGP signature

Reply to: