Re: Revival of the signed debs discussion
On Wed, 3 Dec 2003 12:08:10 +0100, Matthias Urlichs said:
>> signature algorithm would allow for hashing the data on the remote
>> machine, and signing that hash locally.
> ... that would work. It'd probably require a few hooks within GPG
> to generate a hash packet / .
Since I moved my actual development to faster machines I now always
need to copy the tarballs to the box where I can sign them and this is
not very convenient. Obviously, I thought about such a solution too.
There are some minor problems because we don't just sign a hash but
need to add some more data. Creating an incomplete hash on the remote
machine is not the cleanest solution, so I have to come up with a
Werner Koch <firstname.lastname@example.org>
The GnuPG Experts http://g10code.com
Free Software Foundation Europe http://fsfeurope.org