5 May
2010
5 May
'10
11:04 p.m.
On 06/05/10 03:38, Linas wrote:
Allan McRae wrote:
The first method is what is currently used on the gpg patches that are available. The signature is made in a separate file and then is inserted in the repo db when the package is added.
I would prefer having the signature along the package. Maybe as a tar extended header. This way you can't lose the detached signature (it also means that you need to download twice as much files).
But you do not need to... you download the repo db (which contains the signature) and the package. Same as always.