Subject: Re: signed binary pkgs [was: Re: BPG call for use cases]
To: Curt Sampson <firstname.lastname@example.org>
From: Todd Vierling <email@example.com>
Date: 07/22/2005 09:25:48
On Fri, 22 Jul 2005, Curt Sampson wrote:
> We should be using better hashes than MD5, these days. But yes, possibly
> just signing the +CONTENTS file would do the trick.
You'd need to sign the +INSTALL and +DEINSTALL scripts too, as they can
generate files not tracked by +CONTENTS.
-- Todd Vierling <firstname.lastname@example.org> <email@example.com> <firstname.lastname@example.org>