signed tarballs
Christian Rebischke
Chris.Rebischke at archlinux.org
Fri Apr 7 23:41:25 UTC 2017
On Thu, Apr 06, 2017 at 06:27:08PM -0700, William Roberts wrote:
> Why not just checkout the release with git?
Because this wouldn't solve the problem or do you use signed commits in
your linux-audit git repository? And even if you use signed commits I
really would appreciate if you would sign the tarball and provide a hash
for it on the release page. This would increase security a lot.
cheers,
chris
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20170408/6464b1ce/attachment.sig>
More information about the Linux-audit
mailing list