Dan Pascu wrote:
If integrity is all that matters a simple digest algorithm like md5/sha would be enough to validate if a patch was not altered. GPG is not necessary unless you also want to also do authentication.
A simple hash would be a good step, and personally I think that GPG is too "heavy" for what the features I'm talking about. I do want to see signed patches, but you can go for something much lighter than GPG.
Daniel. _______________________________________________ darcs-users mailing list [email protected] http://lists.osuosl.org/mailman/listinfo/darcs-users
