Today I have closed the old web site where I and a friend of mine have tried to build a community. Building a community is hard, takes effort, and consequently, time. And time is a pretty scarce resource for us. We have decided to take down the old web, and I have moved the content to my new personal web: http://zvrba.net
When you want to digitally sign a file, you can either make an embedded signature or a detached signature. The disadvantage of the embedded signature is that the original format is mangled. You have to "unpack" the file to another file (the process of verification does this) to be able to use it. Not very convenient. Detached signature preserves the original format, but stores the signature in a separate file. Unless you have a convention and hold firmly to it, you will have problems with pairing up signatures and their corresponding files. Modern filesystems open up a third possibility: a signature can be placed into a file's extended attribute. This solves both problems: the file's original format is preserved, and the signature is still attached to the file.