>True, but some won't bother with checking a GPG signature, is it `gpg >--verify foo.sig foo'?, but will run sha1sum(1) or similar, so the more >the merrier. And it's more being able to check this file is complete >and correct, especially if I've dredged it up some years later and want >to check it's the right, final, one. They'd have to modify your >announcement email too.
Ah, I remember why I use GPG; that's a savannah requirement that they put in place after a break-in. I think, when I looked at it, there wasn't an obvious cross-platform checksum program. To me, that's one of those things that if someone else does the work I'd be fine with adding it, but it's not worth it for me to do it. --Ken _______________________________________________ Nmh-workers mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/nmh-workers
