Subject: Re: signed binary pkgs [was: Re: BPG call for use cases]
To: Todd Vierling <>
From: Hubert Feyrer <>
List: tech-pkg
Date: 07/24/2005 22:08:11
On Fri, 22 Jul 2005, Todd Vierling wrote:
> You'd need to sign the +INSTALL and +DEINSTALL scripts too, as they can
> generate files not tracked by +CONTENTS.

Please let's just sign the whole file.
It's more failsafe, and not that difficult to implement, see my other 

  - Hubert