Jason McCarty <[EMAIL PROTECTED]> writes: > Maybe, but what alternative do we have today? AIUI, gpg-signing in > general just encrypts a hash (of a hash, in our case), so you need a > good choice for both the hash tla uses and the one gpg uses. So which > hash(es)?
By the way, why doesn't arch just sign the .tar.gz instead of signing a hash of this .tar.gz ? -- Matthieu _______________________________________________ Gnu-arch-users mailing list [email protected] http://lists.gnu.org/mailman/listinfo/gnu-arch-users GNU arch home page: http://savannah.gnu.org/projects/gnu-arch/
