GNU bug report logs - #47634
Accompany .asc and .DIGESTS keys for the ISO

Previous Next

Package: guix;

Reported by: bo0od <bo0od <at> riseup.net>

Date: Wed, 7 Apr 2021 05:43:01 UTC

Severity: normal

Tags: wontfix

Done: Ludovic Courtès <ludo <at> gnu.org>

Bug is archived. No further changes may be made.

Full log

Message #14 received at submit <at> debbugs.gnu.org (full text, mbox):

From: Carlo Zancanaro <carlo <at> zancanaro.id.au>
To: bug-guix <at> gnu.org, bo0od <bo0od <at> riseup.net>,
 Leo Famulari <leo <at> famulari.name>
Cc: 47634 <at> debbugs.gnu.org
Subject: Re: bug#47634: Accompany .asc and .DIGESTS keys for the ISO
Date: Fri, 09 Apr 2021 08:57:00 +1000

On 9 April 2021 3:34:20 am AEST, bo0od <bo0od <at> riseup.net> wrote:
>This is nicely written by Qubes documentation:
>
>https://www.qubes-os.org/security/verifying-signatures/

From that page:

> If you’ve already verified the signatures on the ISO directly, then verifying digests is not necessary.

Which implies that the signatures are sufficient, right?

What is the benefit to providing the key (.asc) and hashes (.DIGESTS)? The page you linked provides rationale for providing and checking digital signatures, but we already provide them.

Carlo

This bug report was last modified 4 years and 39 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #47634 Accompany .asc and .DIGESTS keys for the ISO

GNU bug report logs - #47634
Accompany .asc and .DIGESTS keys for the ISO