Hello,
On 14/09/14 16:50, Wietse Venema wrote:
> I see. You could of course turn on those options. I have no plans
> to re-sign already-released tarballs.
Understood.
>> If at all possible I would appreciate a more modern digest algorithm to
>> be used as far as it works with the compatibility concerns you mentioned.
>
> I can update the packaging script to issue multiple PGP signatures.
> What suffix do you suggest for sha512-based PGP signatures? I have
> no plans to stop issuing the traditional MD5-based .sig files.
That will be fine. I do not know if there is an established pattern for
this, but I suggest postfix-${VERSION}.tar.gz.asc as a straightforward way.
Thanks,
Andreas
