Andreas Enge <andr...@enge.fr> skribis: > On Wed, Feb 25, 2015 at 10:32:50AM -0500, Mark H Weaver wrote: >> If we were to extend this argument to non-torrent downloads, then all >> of our downloads (source tarballs and images) should be tar files >> containing a signature bundled with the thing being signed. mit-krb5 >> follows this policy with their source tarballs. > > No, extending this argument to non-torrent downloads means that we should > advertise the signature next to the actual file.
What about having the .sig URL right next the the Torrent URI on the web page? I think it would work the same in terms of “education”. Ludo’.