[arch-general] Archlinux ISO signing
lisaev at umail.iu.edu
Sun Jul 21 18:56:28 EDT 2013
One of the ways to verify an archlinux iso image is via its gpg
signature. However, doing this on an atom/geode system with < 1GiB of RAM is
definitely not fun. And I suppose it also takes noticeable time to sign, even
on an opteron/xeon server.
Is there a particular reason why the images themselves are signed as
opposed to only their checksum files? For instance, Fedora provides
sha256sums with inline sigs , and verifying image checksum + checksum file
signature is _much_ less CPU and memory demanding than verifying signature of
an entire image.
GnuPG key: 0x164B5A6D
Fingerprint: C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 490 bytes
Desc: not available
More information about the arch-general