[libvirt] Verifying libvirt release tarballs

Richard Weinberger richard.weinberger at gmail.com
Mon Aug 11 21:40:11 UTC 2014


Hi!

How can I cryptographically verify libvirt releases?
There are no signature/hash files in http://libvirt.org/sources/.

All I see is that your git release tags are PGP signed.
So, anyone who cares has to ignore everything in http://libvirt.org/sources/
and needs to regenerate the tarball from git.
Or do I miss something?

-- 
Thanks,
//richard




More information about the libvir-list mailing list