Actions
Issue #2070
openMention gpg complexity in [[ReleasesKey]]
Status:
New
Priority:
Normal
Assignee:
-
Category:
Website and wiki content
Target version:
-
Start date:
07/01/2020
Due date:
% Done:
0%
Estimated time:
Resolution:
Device:
Unknown
Grant:
Type of work:
Unknown, Wiki editions
Updated by Denis 'GNUtoo' Carikli over 4 years ago
This only needs to be mentioned as a tradeoff as we'd need more rationale than that for moving away from gpg for signing releases (we would need a replacement tool that would work for Replicant).
References:- https://tools.ietf.org/html/rfc4880
- Signatures have many parts in their packet:
$ gpg --list-packets recovery-i9300.img.asc # off=0 ctb=89 tag=2 hlen=3 plen=563 :signature packet: algo 1, keyid 5F5DFCC14177E263 version 4, created 1578784783, md5len 0, sigclass 0x00 digest algo 8, begin of digest 78 ba hashed subpkt 33 len 21 (issuer fpr v4 782F9DDBE36BA7F3D4DE49065F5DFCC14177E263) hashed subpkt 2 len 4 (sig created 2020-01-11) subpkt 16 len 8 (issuer key ID 5F5DFCC14177E263) data: [4096 bits]
Updated by _I3^ RELATIVISM over 3 years ago
- Type of work Unknown, Wiki editions added
Actions