Generate digest and signature seperately

Ben McGinnes ben at adversary.org
Mon Jun 13 01:38:04 CEST 2011


On 13/06/11 9:16 AM, Jerome Baum wrote:
> 
> Who makes these considerations?
> 
> In any case, what kind of database is this that it's too much of a
> hassle to copy over? What size, etc.?

Given this line from the original post, "developers for the Arch Linux
distribution need a way to sign databases (lists of software packages)
on the central repository (package server) without having to copy those
repositories to their local computer and back" I'm guessing that it'd be
at least 4-6Gb per architecture.

Given not every developer may have the bandwidth to handle regular
transfers of that size, I can see why they'd want to avoid it.  Why they
don't go for signing each package instead is another matter.


Regards,
Ben

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20110613/2be86b72/attachment-0001.pgp>


More information about the Gnupg-users mailing list