On Wed, 24 Mar 2004, Dimitrie O. Paun wrote:
This is redundant with the (detached) signatures. But, just s/.cookie/.sig/ and it works the same.
I understand, but please provide the .cookie. Let's try to minimize changes at this point, OK?
OK, I'll provide [file].cookie with [file]'s MD5Sum. But we will need to migrate to using the signatures: a simple md5sum doesn't pass muster.
[...]
I was talking about implmentation speed :) That is, it may take us a bit longer to actually check the sig, but we can go ahead without it.
If it helps, here's a quick-n-dirty sample of how to check a signature:
gpg -q --batch --verify winetest-20040323-2314.zip.sig >/tmp/gpg 2>&1 || (echo "Bad signature, gpg reported:"; awk '{print " ",$0}' /tmp/gpg)
HTH
---- Paul Millar