multiplex'd wrote: > Hello all, > > I've been reading into the signify(1) program a little recently, and the > manual page mentons the '-t' option, which is used to ensure the public > key deduced from the signature comment "matches /etc/signify/*-keytype.pub", > where 'keytype' is the argument given to '-t'. I'm not sure what this > means. I've taken a glance over the source code, and it looks like specifying > this option is simply intended to ensure that the path to the public key used > to verify the given signature matches the path mentioned in the manual page. > Is this a correct interpretation? What's the rationale behind this option?
this is used to ensure that pkg keys are not used to sign base sets, or vice versa, or any other combination, while still allowing a bit of flexibility.
