clearsigning perl ?
Frank Tobin
ftobin@uiuc.edu
Sun, 17 Sep 2000 17:42:39 -0500 (CDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Darxus@ChaosReigns.com, at 22:29 -0400 on Sat, 16 Sep 2000, wrote:
> I realize this leaves the lines at the beginning of the program, which
> could be maliciously modified to do bad things, are not verified. I think
> I would mention what they should look like on the last lines before the
> signature, and provide a url to my public key.
Your best solution is to make a real perl package, full with the
Makefile.PL., and then sign the tar.gz. Perl, when it installs
perl scripts, changing the beginning line automatically; however,
one checks the sigs before even untarring/ungzipping, so this is
not a problem.
If you are new to Perl package management, I can personally recommend
pgpenvelope, at http://pgpenvelope.sourceforge.net/, as an example of how
to approach it. Feel free to mail me off-list for further questions about
this.
- --
Frank Tobin http://www.uiuc.edu/~ftobin/
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.2 (FreeBSD)
Comment: pgpenvelope 2.9.0 - http://pgpenvelope.sourceforge.net/
iEYEARECAAYFAjnFSOsACgkQVv/RCiYMT6NdSACgmikmhpeSvi5fiumyqENxDXmu
+CwAn1zEn06yHrYsKf65lNVZsFpfB+V/
=YXn9
-----END PGP SIGNATURE-----
--
Archive is at http://lists.gnupg.org - Unsubscribe by sending mail
with a subject of "unsubscribe" to gnupg-users-request@gnupg.org