[Bug 645565] New: Please add digital signatures to tarballs

  sysadmin | Blue Sky | unspecified

           Summary: Please add digital signatures to tarballs
    Classification: Infrastructure
           Product: sysadmin
           Version: unspecified
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: enhancement
          Priority: Normal
         Component: Blue Sky
        AssignedTo: sysadmin-maint gnome bugs
        ReportedBy: joss malsain org
         QAContact: sysadmin-maint gnome bugs
      GNOME target: ---
     GNOME version: ---

This was discussed on d-d-l:

> OTOH I’d really appreciate to see digital signatures along with the
> tarballs.

We don't have signatures, so I'd like (need) loads of detail:
1. What guarantee is expected?
   e.g. 100% trust it was uploaded by the maintainer vs 'comes from
   random person who has the ability to upload things @ GNOME'
2. How to handle digital signatures securely?
   e.g. is there is a breakin, having someone steal the private key
   would be really bad, as signatures imply trust.
3. How to expire, announce new versions, get the initial trust, etc?

... basically how is the infrastructure bit handled at Debian/ some
other distro

Configure bugmail: https://bugzilla.gnome.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the QA contact of the bug.
You are watching the assignee of the bug.

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]