On Sat, Sep 01, 2001 at 07:21:28PM +0200, Simon Richter wrote: > On Sat, 1 Sep 2001, Christian Kurz wrote: > > > not be ascii armored since this would only introduce transmission overhead > > > and gain nothing. The file name for this file is constructed from the > > > Why does it gain nothing? What about problems during transmission? The > > ascii armor output which is protected by a crc checksum would help > > notice such a transmission problem.
Have I misunderstood that a signature is a kind of checksum. What purpose does adding a checksum to a checksum have? If the signature is invalid the .deb should not be trusted, but thrown away and redownloaded. > > > - An end user can verify who built the .deb file. > > > And how many developers does a end user personally know, so that he > > trust them? In my humble opinion, this will not gain anything for the > > end-users. But it might be nice for developers. -- Niklas