Subject: Re: [firstname.lastname@example.org: CVS commit: basesrc/usr.sbin/pkg_install/add]
To: Hubert Feyrer <email@example.com>
From: Charles M. Hannum <firstname.lastname@example.org>
Date: 10/03/2001 22:52:29
On Wed, 2001-10-03 at 22:14, Hubert Feyrer wrote:
> On Wed, 3 Oct 2001, Alistair Crooks wrote:
> > > gzip and pax should both deal fine with having the signature tacked on
> > > the end.
> I wonder if it was possible to make the signature part of the +-files, and
> if present do the sigature checking? Just like what we do for +MESSAGE
> files etc.
That would require some Magick, since the tar file itself would change,
and you have to be careful about exactly *what* you're checking the
signature of. I suppose it might be amusing to always have it be the
first file -- i.e. be prefixed to the existing tar file -- and checksum
the decompressed image instead.