Subject: Re: signed binary pkgs [was: Re: BPG call for use cases]
To: Curt Sampson <>
From: Todd Vierling <>
List: tech-pkg
Date: 07/22/2005 09:25:48
On Fri, 22 Jul 2005, Curt Sampson wrote:

> We should be using better hashes than MD5, these days. But yes, possibly
> just signing the +CONTENTS file would do the trick.

You'd need to sign the +INSTALL and +DEINSTALL scripts too, as they can
generate files not tracked by +CONTENTS.

-- Todd Vierling <> <> <>