[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Packaging packages with GPG signed source archives
From: |
Ludovic Courtès |
Subject: |
Re: Packaging packages with GPG signed source archives |
Date: |
Thu, 01 Sep 2016 10:29:16 +0200 |
User-agent: |
Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux) |
Troy Sankey <address@hidden> skribis:
> Quoting Ludovic Courtès (2016-08-31 16:21:49)
>> (That said, more and more software is distributed via Git rather than as
>> tarballs, and most repos are unsigned; even if they were, there are
>> basically no tools to meaningfully authenticate a Git checkout…)
>
> In that case, not all hope is lost---I've seen many projects sign git tags.
Indeed, but signing is the easy part. :-)
http://debbugs.gnu.org/cgi/bugreport.cgi?bug=22883#73
Ludo’.
- Re: Packaging packages with GPG signed source archives,
Ludovic Courtès <=