Sven-Hendrik Haase <sh@lutzhaase.com> on Thu, 2013/01/31 13:19:
On 31.01.2013 13:02, Christian Hesse wrote:
Pierre Schmitz <pierre@archlinux.de> on Wed, 2013/01/30 19:12:
I am going to build a new ISO image on Friday. I did a test build today and everything looks fine. It's just updated packages; no changes to ais nor archiso. Let me know if there are any known issues or blockers.
This is not about the ISO itself but its download...
Torrent download files can contain more than just one file. How about including gpg signature for the ISO file? Possibly this increases the number of people actually checking the authenticity of downloaded files.
Frankly, why? The torrent already guarantees you didn't get bad data.
Sure. But the gpg signature is not (only) about integrity but authenticity. If you get a bad (not broken) torrent file you could download a bad ISO image without noticing anybody is fooling you. -- main(a){char*c=/* Schoene Gruesse */"B?IJj;MEH" "CX:;",b;for(a/* Chris get my mail address: */=0;b=c[a++];) putchar(b-1/(/* gcc -o sig sig.c && ./sig */b/42*2-3)*42);}