Re: [arch-general] Proper use of signify in PKGBUILDs

2019-07-21 Thread Eli Schwartz via arch-general
On 7/21/19 4:11 AM, Stephen Gregoratto wrote: On 2019-07-21 02:42, Eli Schwartz via arch-general wrote: How does renaming the file from SHA256.sig to SHA256 help you validate the contents using signify? I rename it in the source array: "SHA256::${_mirrorurl}/${pkgver}/amd64/SHA256.sig" I

Re: [arch-general] Proper use of signify in PKGBUILDs

2019-07-21 Thread Eli Schwartz via arch-general
On 7/21/19 9:19 AM, brent s. wrote: I can't speak for why it bothers Eli, but it bothers me because that's exactly what GPG detached sigs are already: signed hash checksums. The signify method is a signed hash checksum of a (list of) hash checksum(s). To me it feels like an unnecessary abstractio

Re: [arch-general] Proper use of signify in PKGBUILDs

2019-07-21 Thread brent s.
On 7/21/19 4:40 AM, Ralf Mardorf via arch-general wrote: > On Sun, 21 Jul 2019 02:42:39 -0400, Eli Schwartz via arch-general wrote: >> The latter problem is why I'm incredibly frustrated by projects that >> use PGP, too -- when the only thing they sign is a file containing >> checksums, and not th

Re: [arch-general] Proper use of signify in PKGBUILDs

2019-07-21 Thread Ralf Mardorf via arch-general
On Sun, 21 Jul 2019 02:42:39 -0400, Eli Schwartz via arch-general wrote: >The latter problem is why I'm incredibly frustrated by projects that >use PGP, too -- when the only thing they sign is a file containing >checksums, and not the actual source file. But it doesn't matter, since when the chec

Re: [arch-general] Proper use of signify in PKGBUILDs

2019-07-21 Thread Stephen Gregoratto via arch-general
On 2019-07-21 02:42, Eli Schwartz via arch-general wrote: > How does renaming the file from SHA256.sig to SHA256 help you validate > the contents using signify? I rename it in the source array: "SHA256::${_mirrorurl}/${pkgver}/amd64/SHA256.sig" That way makepkg doesn't think it's a PGP signatu

Re: [arch-general] Proper use of signify in PKGBUILDs

2019-07-20 Thread Eli Schwartz via arch-general
On 7/21/19 2:19 AM, Stephen Gregoratto via arch-general wrote: I recently adopted the openbsd-manpages package[1], and wanted to verify downloaded files using OpenBSD's signify(1) tool. For each release of OpenBSD, you download the base public key[2], the architecture-specific files and the SHA25