signed tarballs
Steve Grubb
sgrubb at redhat.com
Mon Apr 10 18:51:13 UTC 2017
On Saturday, April 8, 2017 8:53:10 AM EDT Paul Moore wrote:
> > I am the maintainer of 'audit' in the official Arch Linux Repositories.
> > Is there a reason why you don't provide a signature file for the
> > releases nor a checksum or am I just stupid and can't find it on your
> > website: https://people.redhat.com/sgrubb/audit/ ?
>
> Steve seems to be posting audit userspace releases both on his Red Hat
> people page and on GitHub; I'm not sure which he considers to be the
> "authoritative" release, he'll have to answer that.
>
> https://github.com/linux-audit/audit-userspace/releases
I consider the ones from the people page to be authoritative because its been
converted from raw, unprocessed development files to a distribution tarball by
use of the autotools. This involves running autogen.sh, ./configure, and then
make dist-check. Starting with the 2.7.5 release, I changed the naming
convention on github to make sure people can tell the difference when looking
at the release from the people page vs github.
-Steve
More information about the Linux-audit
mailing list