Detached PGP signatures #204

Closed
netblue30 opened this Issue Dec 29, 2015 · 0 comments

Projects

None yet

1 participant

@netblue30
Owner

Moved from SourceForge bug tracker:

I saw that you are providing signed checksums for your released files, which is awesome (not many projects do that)! :-)

Would it be possible to also (or instead?) provide detached signature files for the source tarballs? Debian has a tool "uscan", which checks for new releases. It is also capable to automatically verify the integrity of the downloaded sources, if detached signatures are available [1].

1: https://wiki.debian.org/debian/watch#Cryptographic_signature_verification

@reinerh reinerh added a commit to reinerh/firejail that referenced this issue Jul 30, 2016
@reinerh reinerh Create detached signature for source tarball (Closes #204) 7f2ef93
@netblue30 netblue30 closed this in 6d9b627 Jul 31, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment