tech-security: Re: signed binary pkgs [was: Re: BPG call for use cases]

Subject: Re: signed binary pkgs [was: Re: BPG call for use cases]
To: Todd Vierling <tv@duh.org>
From: Hubert Feyrer <hubert@feyrer.de>
List: tech-security
Date: 07/24/2005 22:08:11

On Fri, 22 Jul 2005, Todd Vierling wrote:
> You'd need to sign the +INSTALL and +DEINSTALL scripts too, as they can
> generate files not tracked by +CONTENTS.

Please let's just sign the whole file.
It's more failsafe, and not that difficult to implement, see my other 
posting.


  - Hubert