Daniel Kahn Gillmor <dkg@fifthhorseman.net> writes: > > sure, though i'd change the .sha256.asc to be a clearsigned file instead > of the current ASCII-armored OpenPGP message that it currently is (as > Adam suggested elsewhere in this thread). And we can ditch the .sha256 > itself, which doesn't seem to be doing any useful work. > > --dkg Err, wouldn't we be relying on the .sha256 file to be byte reproducible in perpetuity then? That seems to tie us to coreutils and reduce the options of users for verification, no? d _______________________________________________ notmuch mailing list notmuch@notmuchmail.org https://notmuchmail.org/mailman/listinfo/notmuch