Re: Bug#540215: Introduce dh_checksums, clear-signed checksum

To: Debian Devel <debian-devel@lists.debian.org>
Subject: Re: Bug#540215: Introduce dh_checksums, clear-signed checksum
From: The Fungi <fungi@yuggoth.org>
Date: Thu, 11 Mar 2010 00:37:11 +0000
Message-id: <[🔎] 20100311003709.GI1906@yuggoth.org>
In-reply-to: <[🔎] 1268259720.3291.3261.camel@solid.paris.klabs.be>
References: <[🔎] 20100303104725.GA18778@celtic.nixsys.be> <[🔎] slrnhosifd.rmi.trash@kelgar.0x539.de> <[🔎] 1267650344.8266.262.camel@solid.paris.klabs.be> <[🔎] 87bpf3vrai.fsf@qurzaw.linpro.no> <[🔎] 1268066168.21347.9661.camel@solid.paris.klabs.be> <[🔎] 87wrxmbkdn.fsf@windlord.stanford.edu> <[🔎] 20100310143214.GE10578@celtic.nixsys.be> <[🔎] 20100310171331.GT18278@p12n.org> <[🔎] 87y6i0ggal.fsf@windlord.stanford.edu> <[🔎] 1268259720.3291.3261.camel@solid.paris.klabs.be>

On Wed, Mar 10, 2010 at 11:22:00PM +0100, Frank Lin PIAT wrote:
> I made some tests, and it seems that we could allow,but not require, GPG
> signed checksum-file. sha256sum will ignore invalid lines by default
> (unless you specify --warn option).
> 
> Similarly, the policy could state that GPG clear-signed shasum files are
> allowed. Tools using shasum should still strip the signature, especially
> when using the checksum for security purpose.

Is there any good reason not to use a detached signature in a
separate file instead? I know that doubles the number of files, but
it also reduces the raw size by around 47 bytes and simplifies
parsing of the checksum files themselves.
-- 
{ IRL(Jeremy_Stanley); PGP(9E8DFF2E4F5995F8FEADDC5829ABF7441FB84657);
SMTP(fungi@yuggoth.org); IRC(fungi@irc.yuggoth.org#ccl); ICQ(114362511);
AIM(dreadazathoth); YAHOO(crawlingchaoslabs); FINGER(fungi@yuggoth.org);
MUD(fungi@katarsis.mudpy.org:6669); WWW(http://fungi.yuggoth.org/); }

Reply to:

Follow-Ups:
- Re: Bug#540215: Introduce dh_checksums, clear-signed checksum
  - From: Frank Lin PIAT <fpiat@klabs.be>

References:
- Re: md5sums files
  - From: Wouter Verhelst <wouter@debian.org>
- Re: md5sums files
  - From: Philipp Kern <trash@philkern.de>
- Re: md5sums files
  - From: Frank Lin PIAT <fpiat@klabs.be>
- Re: md5sums files
  - From: Tollef Fog Heen <tfheen@err.no>
- Bug#540215: Introduce dh_checksums
  - From: Frank Lin PIAT <fpiat@klabs.be>
- Re: Bug#540215: Introduce dh_checksums
  - From: Russ Allbery <rra@debian.org>
- Re: Bug#540215: Introduce dh_checksums
  - From: Wouter Verhelst <wouter@debian.org>
- Re: Bug#540215: Introduce dh_checksums
  - From: Peter Samuelson <peter@p12n.org>
- Re: Bug#540215: Introduce dh_checksums
  - From: Russ Allbery <rra@debian.org>
- Re: Bug#540215: Introduce dh_checksums, clear-signed checksum
  - From: Frank Lin PIAT <fpiat@klabs.be>

Prev by Date: Re: md5sums files
Next by Date: Bug#573393: ITP: maven-release -- Maven Release Plugin
Previous by thread: Re: Bug#540215: Introduce dh_checksums, clear-signed checksum
Next by thread: Re: Bug#540215: Introduce dh_checksums, clear-signed checksum
Index(es):
- Date
- Thread