[libvirt] Verifying libvirt release tarballs
Richard Weinberger
richard.weinberger at gmail.com
Mon Aug 11 21:40:11 UTC 2014
Hi!
How can I cryptographically verify libvirt releases?
There are no signature/hash files in http://libvirt.org/sources/.
All I see is that your git release tags are PGP signed.
So, anyone who cares has to ignore everything in http://libvirt.org/sources/
and needs to regenerate the tarball from git.
Or do I miss something?
--
Thanks,
//richard
More information about the libvir-list
mailing list