http://groups.google.com/group/metalink-discussion/web/internetdraft
this is the final remaining large(?) issue with the current Internet
Draft. does anyone have experience with other types of signatures that
could be included in metalinks?
* Section 4.2.14 - Current Metalinks are limited to including PGP
signatures of files listed inside the Metalinks, but not other types
of digital signatures. (This does not concern signing of Metalinks
themselves, that is covered in the Securing Metalink Documents and
Security Considerations: Signing sections).
We need to allow other types of file signatures, besides PGP, to
be referenced in Metalinks.
Current usage documented. For instance, this openSUSE Metalink
contains a PGP signature:
<file name="openSUSE-11.1-KDE4-LiveCD-i686.iso">
<size>695363584</size>
<verification>
<signature type="pgp">
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQBJQQzIqE7a6JyACsoRApZ6AJ4rdTLSvGpE+9eypNDvUN1gek+v0gCe
OWh2KbN6kP3W4wjRZTTI6/yzf/M=
=Lv/N
-----END PGP SIGNATURE-----
</signature>
</verification>
...
</file>
Only the command line Metalink Checker uses signatures (and only
if GnuPG is installed). aria2 also recognizes if a signature is
included, writes it to a file, but does NOT use the signature.
--
(( Anthony Bryan ... Metalink [ http://www.metalinker.org ]
)) Easier, More Reliable, Self Healing Downloads
--~--~---------~--~----~------------~-------~--~----~
You received this message because you are subscribed to the Google Groups
"Metalink Discussion" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to
[email protected]
For more options, visit this group at
http://groups.google.com/group/metalink-discussion?hl=en
-~----------~----~----~----~------~----~------~--~---
