[2007] in Kerberos_V5_Development
Re: Final draft of build instructions of krb5 1.0
daemon@ATHENA.MIT.EDU (Theodore Y. Ts'o)
Sat Nov 23 17:16:39 1996
Date: Sat, 23 Nov 1996 17:16:26 -0500
From: "Theodore Y. Ts'o" <tytso@MIT.EDU>
To: Marc Horowitz <marc@cygnus.com>
Cc: "Theodore Y. Ts'o" <tytso@MIT.EDU>, krbdev@MIT.EDU
In-Reply-To: Marc Horowitz's message of 23 Nov 1996 01:55:30 -0500,
<t53d8x52tct.fsf@rover.cygnus.com>
From: Marc Horowitz <marc@cygnus.com>
Date: 23 Nov 1996 01:55:30 -0500
Lines: 16
If you do this, then the build information is not bound to the tarball
in any way. I think the build information should be in the tarball,
too, so that it is part of the signature. This makes the build info
in the .asc file advisory, and the info in the tarball authoritative.
The other option is not to have the build into in the .asc file at all.
If you read the build intrstructions, you'll see that the build
information is there both in the signature file, AND in README.buildinfo
file in the tarball.
The build information in the .asc file is indeed only advisory, and more
so that people can figure out what's inside the tarball without needing
to unpack it first. The README.buildinfo file that's inside the signed
tarball is of course the authoratative version.
- Ted
