Bug#874029: uscan: please support signature file containing list of signatures
James McCoy
jamessan at debian.org
Sat Sep 2 17:54:12 UTC 2017
On Sat, Sep 02, 2017 at 09:58:43AM +0200, Jérémy Lal wrote:
> The typical example i have under the hand is:
> https://nodejs.org/dist/v6.3.1/
> https://nodejs.org/dist/v6.3.1/SHASUMS256.txt
> https://nodejs.org/dist/v6.3.1/SHASUMS256.txt.asc
The subject confused me a bit. This appears to be a list of the hashes
of each file, and this list of hashes is signed. That's quite different
than the current signature handling, which expects a signature of the
archive and verifies the archive against that signature.
Cheers,
--
James
GPG Key: 4096R/91BF BF4D 6956 BD5D F7B7 2D23 DFE6 91AE 331B A3DB
More information about the devscripts-devel
mailing list