[Harald Braumann]
> See, you don't need a server. You just ship a signature over the hash
> files. Easy as that.
And that signature - if you don't have a server - you probably want to store it in the .deb, right? So you are going to be editing the .deb after it is built. At which time, you could just as well compute your SHA16384 hashes, sign those, and store them. That way you can even use an attached (as opposed to detached) gpg signature, without confusing downstream tools.

--
Peter Samuelson | org-tld!p12n!peter | http://p12n.org/