Re: signatures on release tarballs?

On Mon, Mar 29, 2010 at 10:19:26AM -0400, Brian Gough wrote:
> I have a question regarding the release tarballs on
> As far as I can tell, these are not gpg-signed.  Is that correct?

They aren't signed.

> Are signatures available anywhere else or is there any alternative way
> to check them?

We provide a hash, but that is not the same.

> I'm working on a collected release of all GNU software packages and
> we'd like to verify everything that goes in it.  Thanks.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]