> On Wed, May 14, 2014 at 17:55, Marc Espie wrote:
> > There's no point in providing SHA256.sig for packages. For one thing, it
> > goes out of synch rather easily. For another thing, it's redundant with
> > the package signatures themselves. THAT SHA256 file exists only to make it
> > easier to ch
On 2014-05-14, Marc Espie wrote:
> There's no point in providing SHA256.sig for packages.
We provide the SHA256 file to allow bulk integrity checking of the
packages. There may be little point in signing it, but signing it
also doesn't cost us anything, so why not?
--
Christian "naddy" Weisge
On 2014-05-14 12:09, Ted Unangst wrote:
Providing a mix of signed and unsigned SHA256 files would be a
dangerous inconsistency in my mind.
As an ordinary user, I can tell the difference between a file named
"SHA256" and a file named "SHA256.sig". It's very easy when both
files are included to
On Wed, May 14, 2014 at 17:55, Marc Espie wrote:
> There's no point in providing SHA256.sig for packages. For one thing, it
> goes out of synch rather easily. For another thing, it's redundant with
> the package signatures themselves. THAT SHA256 file exists only to make it
> easier to check that a
On Wed, May 14, 2014 at 11:21:43AM -0400, Ted Unangst wrote:
> On Wed, May 14, 2014 at 12:44, Stuart Henderson wrote:
> >>> $ \time -l signify -C -p /etc/signify/openbsd-55-pkg.pub -x SHA256.sig
> > moo-1.3p1.tgz
> >>> Signature Verified
> >>> moo-1.3p1.tgz: FAIL
> >>>65.83 real31.4
On 14 May 2014 11:26, Stuart Henderson wrote:
> On 2014/05/14 11:21, Ted Unangst wrote:
>> On Wed, May 14, 2014 at 12:44, Stuart Henderson wrote:
>> >>> $ \time -l signify -C -p /etc/signify/openbsd-55-pkg.pub -x SHA256.sig
>> > moo-1.3p1.tgz
>> >>> Signature Verified
>> >>> moo-1.3p1.tgz: FAIL
>>
On 2014/05/14 11:21, Ted Unangst wrote:
> On Wed, May 14, 2014 at 12:44, Stuart Henderson wrote:
> >>> $ \time -l signify -C -p /etc/signify/openbsd-55-pkg.pub -x SHA256.sig
> > moo-1.3p1.tgz
> >>> Signature Verified
> >>> moo-1.3p1.tgz: FAIL
> >>>65.83 real31.48 user34.32 s
On Wed, May 14, 2014 at 12:44, Stuart Henderson wrote:
>>> $ \time -l signify -C -p /etc/signify/openbsd-55-pkg.pub -x SHA256.sig
> moo-1.3p1.tgz
>>> Signature Verified
>>> moo-1.3p1.tgz: FAIL
>>>65.83 real31.48 user34.32 sys
>
> This was due to malloc flags 'S' or more spe
On 2014-05-14, Stuart Henderson wrote:
> On 2014-05-14, Stuart Henderson wrote:
>> On 2014-05-14, Marc Espie wrote:
>>> On Tue, May 13, 2014 at 06:42:53PM +, Alexej wrote:
Greetings gentlemen,
Downloaded and installed install55.iso, SHA256 was verified successfuly.
On 2014-05-14, Stuart Henderson wrote:
> On 2014-05-14, Marc Espie wrote:
>> On Tue, May 13, 2014 at 06:42:53PM +, Alexej wrote:
>>> Greetings gentlemen,
>>>
>>> Downloaded and installed install55.iso, SHA256 was verified successfuly.
>>>
>>> Downloaded firefox-26.0p1.tgz from Canada (Alber
On 2014-05-14, Marc Espie wrote:
> On Tue, May 13, 2014 at 06:42:53PM +, Alexej wrote:
>> Greetings gentlemen,
>>
>> Downloaded and installed install55.iso, SHA256 was verified successfuly.
>>
>> Downloaded firefox-26.0p1.tgz from Canada (Alberta) mirror site along with
>> SHA256 files.
>>
On Tue, May 13, 2014 at 06:42:53PM +, Alexej wrote:
> Greetings gentlemen,
>
> Downloaded and installed install55.iso, SHA256 was verified successfuly.
>
> Downloaded firefox-26.0p1.tgz from Canada (Alberta) mirror site along with
> SHA256 files.
>
> /pub/OpenBSD/5.5/packages/amd64/SHA256
>
12 matches
Mail list logo
