poked around with the API and confirmed that binary payloads for signing do not show up in the output of getPublishedBinaries(); so as long as the assumption holds that p-u-p is the same for all binaries from a source, this implementation should be safe, and a lot faster.
poked around with the API and confirmed that binary payloads for signing do not show up in the output of getPublishedBin aries() ; so as long as the assumption holds that p-u-p is the same for all binaries from a source, this implementation should be safe, and a lot faster.