[Bug 645565] New: Please add digital signatures to tarballs



https://bugzilla.gnome.org/show_bug.cgi?id=645565
  sysadmin | Blue Sky | unspecified

           Summary: Please add digital signatures to tarballs
    Classification: Infrastructure
           Product: sysadmin
           Version: unspecified
        OS/Version: Linux
            Status: UNCONFIRMED
          Severity: enhancement
          Priority: Normal
         Component: Blue Sky
        AssignedTo: sysadmin-maint gnome bugs
        ReportedBy: joss malsain org
         QAContact: sysadmin-maint gnome bugs
      GNOME target: ---
     GNOME version: ---


This was discussed on d-d-l:

> OTOH I’d really appreciate to see digital signatures along with the
> tarballs.

We don't have signatures, so I'd like (need) loads of detail:
1. What guarantee is expected?
   e.g. 100% trust it was uploaded by the maintainer vs 'comes from
   random person who has the ability to upload things @ GNOME'
2. How to handle digital signatures securely?
   e.g. if there is a break-in, having someone steal the private key
   would be really bad, as signatures imply trust.
3. How to expire, announce new versions, get the initial trust, etc?

... basically how is the infrastructure bit handled at Debian/ some
other distro
