Subject: Re: little hacking project: bulk build checksums
To: None <tech-pkg@NetBSD.org>
From: Jan Schaumann <firstname.lastname@example.org>
Date: 01/23/2005 22:46:45
Content-Type: text/plain; charset=us-ascii
Jan Schaumann <email@example.com> wrote:
> I was thinking about doing it as part of the 'upload' script (ie more of
> (b) than (a)), with a knob to pgp sign the final checksum file (which
> would introduce/require interaction).
I've just committed the bits to the upload script to do just that.
Given that it's a trivial addition, I see no harm. Better to have the
checksum files (even if not many people make use of them) until we have
pkg* tools that actually provide signatures for each package.
Per default, no checksums are created. If the bulk-building party wants
to create checksums, then they need to set
in the environment (or in BULK_BUILD_CONF).
If they want to sign the checksum files using gpg(1) (which of course
introduces interaction before the actual uploading is done), then they
need to set
'I have reached an age where my main purpose is not to receive
messages.' --- Umberto Eco, quoted in the New Yorker
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (NetBSD)
-----END PGP SIGNATURE-----