Sven-Hendrik Haase <[email protected]> on Thu, 2013/01/31 13:19: > On 31.01.2013 13:02, Christian Hesse wrote: > > Pierre Schmitz <[email protected]> on Wed, 2013/01/30 19:12: > > > I am going to build a new ISO image on Friday. I did a test build today > > > and everything looks fine. It's just updated packages; no changes to ais > > > nor archiso. Let me know if there are any known issues or blockers. > > > > This is not about the ISO itself but its download... > > > > Torrent download files can contain more than just one file. How about > > including gpg signature for the ISO file? Possibly this increases the > > number of people actually checking the authenticity of downloaded files. > > Frankly, why? The torrent already guarantees you didn't get bad data.
Sure. But the gpg signature is not (only) about integrity but authenticity.
If you get a bad (not broken) torrent file you could download a bad ISO image
without noticing anybody is fooling you.
--
main(a){char*c=/* Schoene Gruesse */"B?IJj;MEH"
"CX:;",b;for(a/* Chris get my mail address: */=0;b=c[a++];)
putchar(b-1/(/* gcc -o sig sig.c && ./sig */b/42*2-3)*42);}
signature.asc
Description: PGP signature
