[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [RFH] The need for signed packages and signed Releases (long, long)



Hi,

Glenn McGrath wrote:
> It would only need to sign the control.tar.gz as the contents of the
> data.tar.gz could be verified from the ./md5sums within control.tar.gz

That's true, but AFAIR the md5sums-file is optional. If we want to use
it to verify the contents of data.tar.gz it must be required by the
policy.

- Alexander

-- 
"fighting for peace is like fucking for virginity"

Attachment: pgpEWpfDF2sim.pgp
Description: PGP signature


Reply to: