Win32 packages released on sourceforge
Dimitrie O. Paun
dpaun at rogers.com
Wed Mar 24 08:27:15 CST 2004
On March 23, 2004 3:21 pm, Paul Millar wrote:
> > -- store the MD5SUM key that you've computed into a sister file
> > with the name winetest-<YYYYMMDDhhmm>.zip.cookie. It's URL will be:
> > http://theserver/path/winetest-<YYYYMMDDhhmm>.zip.cookie
>
> This is redundant with the (detached) signatures. But, just
> s/.cookie/.sig/ and it works the same.
I understand, but please provide the .cookie. Let's try to
minimize changes at this point, OK?
> > C. You need to tell us _exactly_ what the 'http://theserver/path/'
> > is going to be. We need to store that on the WineHQ end to
> > protect against others doing nasty stuff with our distribution
> > system. :)
>
> By all means, but its redundant if the .ZIP file is signed.
Again, I understand, but let's keep this as well.
> > Sounds good. Having it signed is a good idea, and you can go ahead and
> > implement it. It may take us a bit longer to actually check the
> > signature, but that's a different matter.
>
> Hmmm, probably about the same speed. AFAIK, gpg using md5sums internally
> (within signatures), so its the time taken to decrypt a md5sum in the
> signature, calculate the md5sum of the .ZIP file and compare the two.
I was talking about implmentation speed :) That is, it may take us a bit longer
to actually check the sig, but we can go ahead without it.
--
Dimi.
More information about the wine-devel
mailing list