signed tarballs
Christian Rebischke
Chris.Rebischke at archlinux.org
Thu Apr 13 20:28:12 UTC 2017
On Tue, Apr 11, 2017 at 10:03:54AM -0400, Steve Grubb wrote:
> I added a sha256sum to the release announcement yesterday. You can also access
> the people page via https.
>
Thanks, but as I stated before. SHA256 and https doesn't ensure a
non-malicious tarball. Only a signed tarball can achieve this.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/linux-audit/attachments/20170413/73032b40/attachment.sig>
More information about the Linux-audit
mailing list