[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Revival of the signed debs discussion

On Wed, 3 Dec 2003 12:08:10 +0100, Matthias Urlichs said:

>> signature algorithm would allow for hashing the data on the remote
>> machine, and signing that hash locally.
> ... that would work. It'd probably require a few hooks within GPG
> to generate a hash packet / .

Since I moved my actual development to faster machines I now always
need to copy the tarballs to the box where I can sign them and this is
not very convenient.  Obviously, I thought about such a solution too.

There are some minor problems because we don't just sign a hash but
need to add some more data.  Creating an incomplete hash on the remote
machine is not the cleanest solution, so I have to come up with a
better way.


Werner Koch                                      <wk@gnupg.org>
The GnuPG Experts                                http://g10code.com
Free Software Foundation Europe                  http://fsfeurope.org

Reply to: