signed summary file



Hi!

I am working on having static-delta files listed in the summary; this
way it will be possible to sign only the summary file instead of
each file separately:

https://github.com/GNOME/ostree/pull/98

As part of the review process, we got into the question of whether it is
better to have a separate summary.sig file, as my series does, or
instead include signatures in the summary file itself, possibly
breaking backward compatibility.

I don't really see any clear advantage in either direction: a
self-contained summary file may look clearer, but probably a detached
.sig file is easier to handle, as there is no need for the client to
modify the data in the summary file before validating it (also, less
data has to be parsed before validating it, as the signature file is much
simpler).

Any comments?

Thanks,
Giuseppe
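
The trade-off raised in the message, as an added example that is not part of the original post and is not ostree code: a detached signature is checked over the exact file bytes before any parsing, while an embedded one forces the client to parse unauthenticated data, strip the signature field and rebuild the signed form first. Assumptions: HMAC-SHA256 stands in for the GPG signature, JSON stands in for the summary format, and every name and value below is hypothetical.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # assumption: stands in for the repo signing key

def sign(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()

def authentic(data: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(data), sig)

def canonical(doc: dict) -> bytes:
    # Fixed serialization so signer and verifier agree on the signed bytes.
    return json.dumps(doc, sort_keys=True, separators=(",", ":")).encode()

def verify_detached(summary: bytes, sig: bytes) -> dict:
    """summary + summary.sig: authenticate the exact bytes, then parse."""
    if not authentic(summary, sig):
        raise ValueError("summary.sig does not match summary")
    return json.loads(summary)  # parser only ever sees authenticated input

def make_embedded(body: dict) -> bytes:
    """Self-contained file: signature stored as a field of the document."""
    return json.dumps({**body, "sig": sign(canonical(body)).hex()}).encode()

def verify_embedded(blob: bytes) -> dict:
    """The client parses unauthenticated input, removes the signature
    field and re-serializes the rest before it can check anything."""
    doc = json.loads(blob)               # full parser runs on untrusted bytes
    sig = bytes.fromhex(doc.pop("sig"))  # data is modified before validation
    if not authentic(canonical(doc), sig):
        raise ValueError("embedded signature does not match")
    return doc

# Constructed sample summary (not real ostree data).
BODY = {"refs": {"exampleos/x86_64": "aa11"},
        "static-deltas": {"aa11-bb22": "cc33"}}
SUMMARY = canonical(BODY)
SUMMARY_SIG = sign(SUMMARY)

if __name__ == "__main__":
    print(verify_detached(SUMMARY, SUMMARY_SIG) == BODY)
    print(verify_embedded(make_embedded(BODY)) == BODY)
```

In this sketch the embedded signature covers the canonical re-serialization rather than the bytes on disk, so a reformatted file still verifies, whereas any byte change to the detached summary is rejected.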

