Michael Still <[EMAIL PROTECTED]> writes:
> Autoconf could run gnupg / pgp (if present) after generating the
> configure script and produce a checksum on the script. If this was a
> default action, then it would increase the chance of developers having
> at least some checksumming.
Better to sign the whole package, I'd think, and if you sign the whole
package, an additional signature (I think you mean signature and not
checksum) doesn't seem to add any value.
--
Russ Allbery ([EMAIL PROTECTED]) <http://www.eyrie.org/~eagle/>
