Re: [Sks-devel] Secure packaging
From: Peter Palfrader
Subject: Re: [Sks-devel] Secure packaging
Date: Fri, 5 Dec 2003 20:38:02 +0100
User-agent: Mutt/1.5.4i
On Fri, 05 Dec 2003, Dan Egli wrote:
> > Distribute a detached signature alongside the tarball.
> The best method I actually ever saw, albeit a bit paranoid, was to md5
> sum the file, then NON-detached sign the md5 file.
>
> Here's an example from the Knoppix Linux distributions
>
> 8f841bae907f828ed7a36a0213746ab1 *KNOPPIX_V3.3-2003-11-19-EN.iso
Why would this be better? It requires more steps to create, it requires
more steps to verify, and it adds nothing from a security PoV.
Peter
--
PGP signed and encrypted | .''`. ** Debian GNU/Linux **
messages preferred. | : :' : The universal
| `. `' Operating System
http://www.palfrader.org/ | `- http://www.debian.org/
signature.asc
Description: Digital signature
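
The two checks that the signed-checksum scheme discussed above asks of the person downloading, as an added example that is not part of the original message. The function names are made up for illustration, and the sketch assumes `gpg` is installed with the signer's key already imported. With a detached signature the whole procedure is the single command `gpg --verify file.sig file`.

```python
import hashlib
import hmac
import subprocess
from pathlib import Path

HEX = set("0123456789abcdefABCDEF")


def signed_payload(signed_file):
    """Step 1: return only the text gpg verified (never parse the raw file)."""
    # gpg --decrypt writes the signed content to stdout and exits non-zero
    # on a bad signature. Assumption: the signer's key is in the keyring.
    proc = subprocess.run(["gpg", "--batch", "--decrypt", str(signed_file)],
                          capture_output=True, check=True)
    return proc.stdout.decode()


def parse_md5sum(text):
    """Parse md5sum lines: '<32 hex> *name' (binary) or '<32 hex>  name'."""
    entries = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        digest, _, rest = line.partition(" ")
        name = rest[1:]  # drop the mode marker: '*' or ' '
        if (len(digest) != 32 or set(digest) - HEX
                or rest[:1] not in ("*", " ") or not name):
            raise ValueError(f"malformed md5sum line: {line!r}")
        entries[name] = digest.lower()
    return entries


def file_matches(path, expected_md5):
    """Step 2: recompute the MD5 of the download and compare."""
    h = hashlib.md5()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(1 << 20), b""):
            h.update(chunk)
    return hmac.compare_digest(h.hexdigest(), expected_md5)


def verify_download(signed_sums, download):
    """Signed-checksum flow: both steps pass and the file name is listed."""
    sums = parse_md5sum(signed_payload(signed_sums))
    name = Path(download).name
    return name in sums and file_matches(download, sums[name])
```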