guix-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Torrenting GuixSD!


From: Andreas Enge
Subject: Re: Torrenting GuixSD!
Date: Wed, 25 Feb 2015 18:51:56 +0100
User-agent: Mutt/1.5.23 (2014-03-12)

On Wed, Feb 25, 2015 at 10:32:50AM -0500, Mark H Weaver wrote:
> If we were to extend this argument to non-torrent downloads, then all
> of our downloads (source tarballs and images) should be tar files
> containing a signature bundled with the thing being signed.  mit-krb5
> follows this policy with their source tarballs.

No, extending this argument to non-torrent downloads means that we should
advertise the signature next to the actual file. This holds on the gnu ftp
servers, where alphabetical ordering ensures they are next to each other.
And it usually holds on web sites. In both cases, there is almost no extra
effort for downloading the signature.

Alternatively in our case, since the torrent file also needs to be downloaded
from somewhere, it would make sense to put the signature file next to the
torrent file on the download site.

Andreas




reply via email to

[Prev in Thread] Current Thread [Next in Thread]