On Thu, 2 Feb 2006, Greg Hudson wrote:
> On Thu, 2006-02-02 at 10:22 -0600, kfogel@collab.net wrote:
> > > IIRC the only issue is that if you sign such a randomly-named file,
> > > the signature isn't valid for the correctly-named file. Well, people
> > > whose signatures count can rename the tarball locally before signing
> > > it.
>
> > I think that would get us into a degree of complexity we don't want.
>
> > Simplicity is: you get handed an object, you test it, sign it, and
> > post your signature.
>
> > Complexity is: anything more than that :-).
>
> Well, it's a little bit of complexity for testers, vs. a little bit of
> complexity for users. There are a lot more users than testers.
>
Agreed. I test the tarball using a script anyway (which includes
generating .gz from .bz2 and signing), so that little extra complexity
doesn't seem like a problem to me. This sounds like a good solution to
me.
Thanks,
//Peter
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Thu Feb 2 20:23:40 2006