Re: signatures on release tarballs?

From: Olav Vitters <olav vitters nl>
To: Brian Gough <bjg gnu org>
Cc: bug-gsrc gnu org, gnome-infrastructure gnome org
Subject: Re: signatures on release tarballs?
Date: Mon, 29 Mar 2010 17:03:51 +0200

On Mon, Mar 29, 2010 at 10:19:26AM -0400, Brian Gough wrote:
> I have a question regarding the release tarballs on ftp.gnome.org.
> As far as I can tell, these are not gpg-signed.  Is that correct?

They aren't signed.

> Are signatures available anywhere else or is there any alternative way
> to check them?

We provide a hash, but that is not the same.

> I'm working on a collected release of all GNU software packages and
> we'd like to verify everything that goes in it.  Thanks.

-- 
Regards,
Olav

Follow-Ups:
- Re: signatures on release tarballs?
  - From: Brian Gough

References:
- signatures on release tarballs?
  - From: Brian Gough

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]