On 06/05/10 03:38, Linas wrote:
Allan McRae wrote:
The first method is what is currently used on the gpg patches that are
available. The signature is made in a separate file and then is
inserted in the repo db when the package is added.
I would prefer having the signature along the package. Maybe as a tar
extended header.
This way you can't lose the detached signature (it also means that you
need to download twice as much files).
But you do not need to... you download the repo db (which contains the
signature) and the package. Same as always.
