Re: 1.030 RPM still unsigned?

[Wil C. <wc...@na...>]

On Mon, 2002-11-04 at 01:29, Jamie Cameron wrote:
> Wil Cooley <wc...@na...> wrote ..
> >=20
> > Yes, the RPM is still unsigned :(  Jamie, do you need help with the GPG
> > part?
>=20
> No, I've figured out how to work GPG. I'm just looking for a solution for
> signing the .tar.gz packages of webmin and individual modules as well
> before putting out signed versions. Any idea how people usually handle
> the signing of .tar.gz files? With RPMs, the file format can handle the
> signature actually being part of the file, but that isn't the case with
> tarballs ..

A detatched signature is how people handle tar.gz.  In order to
effectively handle per-module updates, you might consider repackaging so
the modules go into separate or subpackages.  I know that'd be a fair
amount of work, which is why I've never suggested it before.

Wil
--=20
Wil Cooley                                 wc...@na...
Naked Ape Consulting                        http://nakedape.cc
* * * * Linux, UNIX, Networking and Security Solutions * * * *
QCSNet                                     http://www.qcsn.com
* * * * T1, Frame Relay, DSL, Dial-up, and Web Hosting * * * *