Hi,
One of the ways to verify an archlinux iso image is via its gpg
signature. However, doing this on an atom/geode system with < 1GiB of RAM is
definitely not fun. And I suppose it also takes noticeable time to sign, even
on an opteron/xeon server.
Is there a particular reason why the images themselves are signed as
opposed to only their checksum files? For instance, Fedora provides
sha256sums with inline sigs [1], and verifying image checksum + checksum file
signature is _much_ less CPU and memory demanding than verifying signature of
an entire image.Thanks, Leonid. [1] http://mirrors.kernel.org/fedora/releases/19/Live/x86_64/Fedora-Live-x86_64-19-CHECKSUM -- Leonid Isaev GnuPG key: 0x164B5A6D Fingerprint: C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D
signature.asc
Description: PGP signature
