[pacman-dev] [arch-general] Package signing

Xavier Chantry chantry.xavier at gmail.com
Thu May 6 14:08:54 CEST 2010


On Thu, May 6, 2010 at 2:06 PM, Linas <linas_fi at ymail.com> wrote:
>
> In fact, for tar.gz it is possible since gzip ignores trailing content
> after a nul, so the signature could be appended there without
> interfering with non-aware utils.
> That possibility was used to create illegal primes on the 09 F9 11...
> "controversy".
> See http://en.wikipedia.org/wiki/Illegal_prime
>
> I didn't mention it because we are now using xz, and it may not support
> that.
> Is anyone here familiar with its format?
>

I would avoid using hacks that depend on compression format. Better
stay flexible and compatible.
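
A verifier-side check related to the appending idea discussed above, as an added example that is not part of the thread or of pacman: it separates the gzip members of a file from whatever bytes follow them, so that trailing content is reported instead of silently skipped. The function names and the sample bytes are constructed for illustration.

```python
import gzip
import zlib

GZIP_MAGIC = b"\x1f\x8b"


def split_gzip_trailer(blob: bytes):
    """Return (payload, trailer): the decompressed data of every gzip
    member at the start of blob, and the raw bytes left after them."""
    if not blob.startswith(GZIP_MAGIC):
        raise ValueError("not a gzip stream")
    payload = bytearray()
    rest = blob
    # A gzip file may hold several concatenated members; walk them all.
    while rest.startswith(GZIP_MAGIC):
        d = zlib.decompressobj(wbits=31)  # 31 selects the gzip wrapper
        payload += d.decompress(rest)
        if not d.eof:
            raise ValueError("truncated gzip member")
        rest = d.unused_data  # bytes after the member's CRC/size footer
    return bytes(payload), rest


def classify(blob: bytes):
    """Label a file as 'clean', 'zero-padding' or 'appended-data'."""
    payload, trailer = split_gzip_trailer(blob)
    if not trailer:
        kind = "clean"
    elif trailer.strip(b"\x00") == b"":
        kind = "zero-padding"  # e.g. block padding added by tape tools
    else:
        kind = "appended-data"  # something rides behind the archive
    return kind, payload, trailer


# Constructed sample input: a tiny gzip stream standing in for a package.
SAMPLE = gzip.compress(b"pkg contents")

if __name__ == "__main__":
    for name, blob in [
        ("plain", SAMPLE),
        ("padded", SAMPLE + b"\x00" * 4),
        ("with trailer", SAMPLE + b"\x00CONSTRUCTED-SIGNATURE"),
    ]:
        kind, payload, trailer = classify(blob)
        print(f"{name}: {kind}, {len(payload)} payload bytes, "
              f"{len(trailer)} trailing bytes")
```

A signature verifier that hashes only the decompressed payload never sees the trailer, which is one reason a check like this belongs next to any scheme that tolerates trailing bytes.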

