John Bradford wrote:
>>>No, it would add absolutely nothing (other than clutter.) All the .sign
>>>files are good for is to check for rogue mirrors.
>>
>>Or a rogue *primary* site, as has already happened to OpenSSH and Sendmail.
>
>
> I see what you mean, but I don't see how it makes it any less useful
> to have them on the front page - if you download the latest kernel
> patch from a mirror, you could then just click on the relevant link on
> the front page of kernel.org - infact, as http access to kernel.org is
> frequently much slower than ftp, it might actually be very useful,
> because anybody downloading via http would make two requests, (OK,
> about 7, because of the images on the front page), instead of about
> 13, if they traverse each directory to the .sign file.
>
No, just download the signature from the mirror and verify it. This
isn't an MD5 signature.
-hpa
-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/
This archive was generated by hypermail 2b29 : Fri Jan 31 2003 - 22:00:23 EST