Re: signatures on release tarballs?

On Mon, Mar 29, 2010 at 10:49 PM, Sandy Armstrong
<sanfordarmstrong gmail com> wrote:
> On Mon, Mar 29, 2010 at 7:19 AM, Brian Gough <bjg gnu org> wrote:
>> Hash: SHA1
>> I have a question regarding the release tarballs on
>> As far as I can tell, these are not gpg-signed.  Is that correct?
>> Are signatures available anywhere else or is there any alternative way
>> to check them?
>> I'm working on a collected release of all GNU software packages and
>> we'd like to verify everything that goes in it.  Thanks.
> When we generate tarballs, we also generate their sha256sum.  Is that
> sufficient?  For example:

The hash files probably need to be signed by gpg or something like that. :)

> Sandy
> _______________________________________________
> gnome-infrastructure mailing list
> gnome-infrastructure gnome org

Ray Wang
 - Free As In Freedom

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]