|
From: | Tom Lord |
Subject: | Re: [Gnu-arch-users] (volunteers?) crypto signatures for arch |
Date: | Mon, 8 Dec 2003 07:59:52 -0800 (PST) |
> From: Thomas Zander <address@hidden> > The external file-signing method that you proposed is only used > for whole files. With that I mean the compressed versions. Its > not really good to sign the content of the tar with a file that > is not _inside_ the tar itself since that means gpg --verify > will not work. Is there something wrong with `--verify SIGFILE FILES'? Standard Savannah/GNU practice for signing FTP sites is to use detached signatures. -t
[Prev in Thread] | Current Thread | [Next in Thread] |