The full recommendation is put at the end of this readme file,
signed with Peter's key.
>>> THE PROBLEM <<<
~~~~~~~~~~~
For some years now, "lamers" and other idiots have had the chance
to play with other computer artists work - adding viruses, changing
code, adding banners to the executable, releasing fake 'upgrades' to
get their name out, etc. This has been possible, as the end-user has
no way to check that the files still are the same as when the author
released it, and that no hidden 'features' have been added.
>>> THE SOLUTION <<<
~~~~~~~~~~~~
With PGP and MD5SUM, authors distributing their works have been
given tools to make sure no one have 'fun' with their work, as the
end-user has the possibility to check that the file's origin really is
correct. Any modifications to the files in the archive will thus be
detected, as a file with 'finger prints' is included, which only can
be created by the author.
However, making such a file with message digests, signing it and
finally archiving all the files are usually a quite big, boring and
time-consuming task. Not anymore.
>>> INTRODUCING... <<<
~~~~~~~~~~~~~~
SignArch, now with fully featured Graphical User Interface!
Point'n'click, use ReqTools requesters to select the files to be
archived and ZIP! (or rather: LHA! :), everything is SIGNED with
pgp, ARCHIVED with lha and READY to distribute - it's even EASIER than
using LhA itself!
Of course, you may save the settings and files to a parameter
file, which may be processed with an external script, so you don't
have to repoint and reclick each time!
If you're doing internal distribution, optional encryption of
final archive is supported, also for multiple receivers.
Although a Graphical User Interface is included, even CLI lovers
will enjoy the package, as a LhA 'substitute' will take parameters
almost as LhA (even wildcards when signing), and automagically both
include signatures and archive everything. A special script is also
included for adding signatures to existing archives. Thus, lovers of
both worlds should be satisfied.
>>> REQUIRES <<<
~~~~~~~~
- An Amiga with Kick 2.04 or higher.
- ARexx and PGP 2.3a.3 or higher properly installed, in the path.
- MD5SUM (included with PGP) and LhA in the path.
- reqtools.library (NOT included! Get this from somewhere else)
- rexxreqtools.library (optional, not included)
By the way, this package does of course include a signed file with
message digests, be suspicious if that one is missing!
>>> RECOMMENDATION <<<
~~~~~~~~~~~~~~
-----BEGIN PGP SIGNED MESSAGE-----
I can really recommend Jens' SignArc utility. I
have tested the beta version for bugs and enforcer
hits and I couldn't find any in the time I used
it. I also didn't notice any flaws in the way he
uses PGP.
SignArc, in combination with PGP, is really useful
for securing your software against hackers
modifying the distribution. And not only that, it
makes the compilation of release archives in
general a lot easier than before.
I will use it myself to assemble the distributions
of my own software, including PGP.
Sincerely,
Peter Simons
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2i beta
iQCVAgUBL1OdwA9HL1s0103BAQHoEgP/SPyJSyjHro8XBxyihtKLcL/JYD19ccri
fnqf93/dY6Wuc78x2Y7tJHp9/Plhh+GH0Ej8v04Lptn13jel33j1moPG5ORg7316
NppMALshvL/z3Q92tftn57jHh4DbCsCU/j+WFzFRb9/fw7/qfFhNWLL66im4Q/h8
4EYmcLswJTA=
=Re8l
-----END PGP SIGNATURE-----
|
aminet net>