signatures on release tarballs?

From: Brian Gough <bjg gnu org>
To: gnome-infrastructure gnome org
Cc: bug-gsrc gnu org
Subject: signatures on release tarballs?
Date: Mon, 29 Mar 2010 10:19:26 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

I have a question regarding the release tarballs on ftp.gnome.org.
As far as I can tell, these are not gpg-signed.  Is that correct?

Are signatures available anywhere else or is there any alternative way
to check them?

I'm working on a collected release of all GNU software packages and
we'd like to verify everything that goes in it.  Thanks.

- --
Brian Gough

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iJwEAQECAAYFAkuwtsgACgkQ9U2K2oCCH+o6FgP/Xm++xAZHBHq4BZB91Fk/uFVQ
ozSErmWehGG7TWgwhZX9sdV5vW3/4SAAi2juTiXOvFIenWqHz/h407SBVZ6vAAK4
n43VkvjDBsqKse35VLXcqNbu6DTYhjsm9QGv3sFPh2H+kujn3RYBzXf5PSJQ6yFG
saAGbzOIvEVwiQ1A6Qg=
=9mxL
-----END PGP SIGNATURE-----

Follow-Ups:
- Re: signatures on release tarballs?
  - From: Sandy Armstrong
- Re: signatures on release tarballs?
  - From: Olav Vitters

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]