signed tarballs

Christian Rebischke Chris.Rebischke at archlinux.org
Tue Apr 11 10:44:13 UTC 2017


On Mon, Apr 10, 2017 at 02:35:31PM -0400, Steve Grubb wrote:
> Nobody has ever asked for one. I literally build the package in Fedora within 
> a few minutes of a release. Fedora has hashes of the audit tar file in the 
> "sources" file in the build system in case you want any historical 
> information:
> 
> http://pkgs.fedoraproject.org/cgit/rpms/audit.git/log/sources
> 

Hello Steve,
Well, then I want to ask you if you could use GPG signatures in future
for your releases. We, at Arch Linux, are currently encouraging upstream
to use signed releases and HTTPS. It's just 5 min of work and it's a big
step to a more secure internet. Thanks.

chris