2017-09-02 19:54 GMT+02:00 James McCoy <james...@debian.org>: > On Sat, Sep 02, 2017 at 09:58:43AM +0200, Jérémy Lal wrote: > > The typical example i have under the hand is: > > https://nodejs.org/dist/v6.3.1/ > > https://nodejs.org/dist/v6.3.1/SHASUMS256.txt > > https://nodejs.org/dist/v6.3.1/SHASUMS256.txt.asc > > The subject confused me a bit. This appears to be a list of the hashes > of each file, and this list of hashes is signed. That's quite different > than the current signature handling, which expects a signature of the > archive and verifies the archive against that signature. >
Indeed ! Hence the feature request ! Jérémy