On 02/14/2016 01:16 AM, Ken Cline wrote: > >> On 13 Feb 2016, at 10:33 PM, Mirimir <miri...@riseup.net> wrote: >> >> I can't say that I trust the MAR update protocol as much as >> checking GPG signatures. > > In practice, the OpenPGP format used by GPG is unsatisfactory for > automatic software updates. GPG does not provide a library for > creating or reading this format, so you'd have to run the signature > checking in a child process, along with gpg-agent, intrusive keyring > management, and quirky behavior across operating systems. More > trouble than it is worth!
Well, apt seems to handle GnuPG signatures quite transparently. But yes, then there are Windows and iOS. <SNIP> -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
