Re: Bug#540215: Introduce dh_checksums, clear-signed checksum

2010-03-11 Thread Frank Lin PIAT
On Thu, 2010-03-11 at 00:37 +, The Fungi wrote: On Wed, Mar 10, 2010 at 11:22:00PM +0100, Frank Lin PIAT wrote: I made some tests, and it seems that we could allow, but not require, GPG signed checksum-file. sha256sum will ignore invalid lines by default (unless you specify --warn

Re: Bug#540215: Introduce dh_checksums, clear-signed checksum

2010-03-10 Thread Frank Lin PIAT
On Wed, 2010-03-10 at 10:52 -0800, Russ Allbery wrote: Peter Samuelson pe...@p12n.org writes: [Wouter Verhelst] At any rate, a PGP signature takes a lot of data; much more so than a checksum. It's therefore more economical to produce a signed package.checksums file than it is to

Re: Bug#540215: Introduce dh_checksums, clear-signed checksum

2010-03-10 Thread The Fungi
On Wed, Mar 10, 2010 at 11:22:00PM +0100, Frank Lin PIAT wrote: I made some tests, and it seems that we could allow, but not require, GPG signed checksum-file. sha256sum will ignore invalid lines by default (unless you specify --warn option). Similarly, the policy could state that GPG