--NtwzykIc2mflq5ck
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

Jan Schaumann <jschauma@netmeister.org> wrote:
=20
> I was thinking about doing it as part of the 'upload' script (ie more of
> (b) than (a)), with a knob to pgp sign the final checksum file (which
> would introduce/require interaction).

I've just committed the bits to the upload script to do just that.
Given that it's a trivial addition, I see no harm.  Better to have the
checksum files (even if not many people make use of them) until we have
pkg* tools that actually provide signatures for each package.

Per default, no checksums are created.  If the bulk-building party wants
to create checksums, then they need to set

MKSUMS=3Dyes

in the environment (or in BULK_BUILD_CONF).

If they want to sign the checksum files using gpg(1) (which of course
introduces interaction before the actual uploading is done), then they
need to set

SIGN_AS=3Dusername@NetBSD.org

in addition.

-Jan

--=20
'I have reached an age where my main purpose is not to receive
messages.' --- Umberto Eco, quoted in the New Yorker

--NtwzykIc2mflq5ck
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.3 (NetBSD)

iD8DBQFB9G+lfFtkr68iakwRAkhbAJ41ZHkkE2PD82ETFbfYtTMna1RKYwCeJ1fn
kEoE910/7uhpVD69CBsBszM=
=AdUi
-----END PGP SIGNATURE-----

--NtwzykIc2mflq5ck--