Re: Upstream Tarball Signature Files

To: Henrique de Moraes Holschuh <hmh@debian.org>
Cc: Paul Hardy <unifoundry@gmail.com>, Osamu Aoki <osamu@debian.org>, debian-policy@lists.debian.org, guillem@debian.org, lintian-maint@debian.org, debian-dpkg@lists.debian.org
Subject: Re: Upstream Tarball Signature Files
From: Russ Allbery <rra@debian.org>
Date: Mon, 14 Aug 2017 10:13:10 -0700
Message-id: <[🔎] 87wp66nkd5.fsf@hope.eyrie.org>
In-reply-to: <[🔎] 20170814165904.4hwqpwjmrxgr6q6t@khazad-dum.debian.net> (Henrique de Moraes Holschuh's message of "Mon, 14 Aug 2017 13:59:04 -0300")
References: <CAJqvfD-UyFM718PsyFcq45TqFbn2iOkLgMe+2Lb01+iDJRzFBg@mail.gmail.com> <20170808084808.tye5er7aideckkem@gaara.hadrons.org> <20170808121352.flnz7a7miknw3bjr@casper.tc4.so-net.ne.jp> <[🔎] CAJqvfD-jzvTgXOfbpvR80VoYfBiwdF1mX=r_yqHVmVhYzTBpfg@mail.gmail.com> <[🔎] 87wp68qijz.fsf@hope.eyrie.org> <[🔎] CAJqvfD89vJeskgi3fBndDvzPfNOfL3_Rjtufo0j=MQooA+mFhg@mail.gmail.com> <[🔎] 87y3qnq9rl.fsf@hope.eyrie.org> <[🔎] 20170814114956.w5o7mm2hjqndy6wh@khazad-dum.debian.net> <[🔎] 87d17yp2me.fsf@hope.eyrie.org> <[🔎] 20170814165904.4hwqpwjmrxgr6q6t@khazad-dum.debian.net>

Henrique de Moraes Holschuh <hmh@debian.org> writes:

> We do when the binary sig is small enough to be stored along with the
> inode, instead of requiring an entire filesystem block (4KiB), and the
> armored signature is not small enough for that :-( Of course, this
> really depends a lot on the filesystem, etc.

I'm not sure what signatures you're looking at.  Maybe ones with lots of
separate signers?  A typical *.asc file with one signer is about 500
bytes.

> May I humbly suggest that, *if* a change is going to be made, we switch
> to ".sig" (binary) and ".sig.asc" (armored), or .sig.gpg / sig.gpg.asc?
> As in "let's not overload .asc to mean armored signature, when it only
> means ASCII text"...

Note that I'm arguing for no change, just documenting the existing support
for *.asc upstream signatures.  This will imply that anyone who wants to
include an upstream signature that's provided in *.sig format will need to
convert it to *.asc, but that's not a *change*.  That's the current state
of the archive.

-- 
Russ Allbery (rra@debian.org)               <http://www.eyrie.org/~eagle/>

Reply to:

Follow-Ups:
- Re: Upstream Tarball Signature Files
  - From: Osamu Aoki <osamu@debian.org>

References:
- Re: Upstream Tarball Signature Files
  - From: Paul Hardy <unifoundry@gmail.com>
- Re: Upstream Tarball Signature Files
  - From: Russ Allbery <rra@debian.org>
- Re: Upstream Tarball Signature Files
  - From: Paul Hardy <unifoundry@gmail.com>
- Re: Upstream Tarball Signature Files
  - From: Russ Allbery <rra@debian.org>
- Re: Upstream Tarball Signature Files
  - From: Henrique de Moraes Holschuh <hmh@debian.org>
- Re: Upstream Tarball Signature Files
  - From: Russ Allbery <rra@debian.org>
- Re: Upstream Tarball Signature Files
  - From: Henrique de Moraes Holschuh <hmh@debian.org>

Prev by Date: Re: Upstream Tarball Signature Files
Next by Date: Re: Upstream Tarball Signature Files
Previous by thread: Re: Upstream Tarball Signature Files
Next by thread: Re: Upstream Tarball Signature Files
Index(es):
- Date
- Thread