clearsigning perl ?

Frank Tobin
Sun, 17 Sep 2000 17:42:39 -0500 (CDT)

Hash: SHA1, at 22:29 -0400 on Sat, 16 Sep 2000, wrote:

> I realize this leaves the lines at the beginning of the program, which
> could be maliciously modified to do bad things, are not verified. I think
> I would mention what they should look like on the last lines before the
> signature, and provide a url to my public key.
Your best solution is to make a real perl package, full with the Makefile.PL., and then sign the tar.gz. Perl, when it installs perl scripts, changing the beginning line automatically; however, one checks the sigs before even untarring/ungzipping, so this is not a problem. If you are new to Perl package management, I can personally recommend pgpenvelope, at, as an example of how to approach it. Feel free to mail me off-list for further questions about this. - -- Frank Tobin -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.2 (FreeBSD) Comment: pgpenvelope 2.9.0 - iEYEARECAAYFAjnFSOsACgkQVv/RCiYMT6NdSACgmikmhpeSvi5fiumyqENxDXmu +CwAn1zEn06yHrYsKf65lNVZsFpfB+V/ =YXn9 -----END PGP SIGNATURE----- -- Archive is at - Unsubscribe by sending mail with a subject of "unsubscribe" to