On Tue, Aug 13, 2002 at 04:44:23PM +0200, Perl Authors Upload Server wrote: > The following module was proposed for inclusion in the Module List: > modid: Module::Signature > DSLIP: cdpfp > description: Module signature file manipulation > userid: AUTRIJUS (Autrijus Tang) > chapterid: 2 (Perl_Core_Modules)
I chose the Module:: namespace instead of ExtUtils::, because of the similarity of this and existing Module::* modules (::Dependency, ::Info, ::MetaInfo) seems to be greater than the ExtUtils:: bunch. > rationale: > Module::Signature adds cryptographic authentications to CPAN > distribution files, via the special SIGNATURE file. And the ::Signature portion directly correspond to the SIGNATURE file; in earlier discussion it was MAKEFILE.digest, but that name does not reflect its nature well, looks slightly worse on 8.3 (MAKEFILE.dig vs. SIGNATUR), and does not have a standard extension filename. A SIGNATURE files looks like below: -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SHA1 82795f8f0e77ec3d85a6770395652fa382695930 Changes SHA1 7a7d8d78157f0a02e8db2f8f0ca4c4a87cd0cb6e MANIFEST SHA1 1f886c22be243d3e41b56270c30ca26591bc37e5 Makefile.PL SHA1 96619d20efb174d4ec51a1d4f6facaa68c35daa9 README SHA1 d6f45aa0677174c90b1049bc0108c30b9fbd5a8a Signature.pm SHA1 39d5b47a33a3e502d8423169f4dec2ab37e07f29 TODO SHA1 9ade089dd3bc5bf67be2292aee2fb9435a00ca17 bin/cpansign SHA1 b173929a459fdfd058502ca736906b5d6db5e529 t/1-basic.t -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.0.7 (FreeBSD) iD8DBQE9WRIPtLPdNzw1AaARAo2RAJ9IOm7uTxlddoEfgxZBicsYbQHI3QCffwad yHiYAbGeKICuHlGoNZkJs3Q= =0QdN -----END PGP SIGNATURE----- The 'cpansign' utility that comes with the distribution may be used to sign a distribution, as well as verifying it before running Makefile.PL. Comments welcome. Thanks, /Autrijus/
msg12000/pgp00000.pgp
Description: PGP signature
