Re: signatures on release tarballs?

From: Olav Vitters <olav vitters nl>
To: Brian Gough <bjg gnu org>
Cc: bug-gsrc gnu org, gnome-infrastructure gnome org
Subject: Re: signatures on release tarballs?
Date: Tue, 30 Mar 2010 14:10:31 +0200

On Tue, Mar 30, 2010 at 07:28:24AM -0400, Brian Gough wrote:
> At Mon, 29 Mar 2010 17:03:51 +0200,
> Olav Vitters wrote:
> > 
> > On Mon, Mar 29, 2010 at 10:19:26AM -0400, Brian Gough wrote:
> > > I have a question regarding the release tarballs on ftp.gnome.org.
> > > As far as I can tell, these are not gpg-signed.  Is that correct?
> > 
> > They aren't signed.
> 
> Thanks for the clarification.  Do you have any plans to support
> signed releases in the future?

No. I do not see what security in practice it would add. It would only
allow comparing the security of the mirroring system between
master.gnome.org and our primary mirror, ftp.gnome.org
(=ftp.acc.umu.se). Short term I'd rather focus on master.gnome.org.

-- 
Regards,
Olav

References:
- signatures on release tarballs?
  - From: Brian Gough
- Re: signatures on release tarballs?
  - From: Olav Vitters
- Re: signatures on release tarballs?
  - From: Brian Gough

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]