[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#540215: Introduce dh_checksums

[Harald Braumann]
> See, you don't need a server. You just ship a signature over the hash
> files. Easy as that.

And that signature - if you don't have a server - you probably want to
store it in the .deb, right?  So you are going to be editing the .deb
after it is built.  At which time, you could just as well compute your
SHA16384 hashes, sign those, and store them.  That way you can even use
an attached (as opposed to detached) gpg signature, without confusing
downstream tools.
Peter Samuelson | org-tld!p12n!peter | http://p12n.org/

Reply to: