
[bug-gsrc] Re: signatures on release tarballs?


From: Sandy Armstrong
Subject: [bug-gsrc] Re: signatures on release tarballs?
Date: Mon, 29 Mar 2010 07:49:53 -0700

On Mon, Mar 29, 2010 at 7:19 AM, Brian Gough <address@hidden> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> I have a question regarding the release tarballs on ftp.gnome.org.
> As far as I can tell, these are not gpg-signed.  Is that correct?
>
> Are signatures available anywhere else or is there any alternative way
> to check them?
>
> I'm working on a collected release of all GNU software packages and
> we'd like to verify everything that goes in it.  Thanks.

When we generate tarballs, we also generate their sha256sum.  Is that
sufficient?  For example:

http://download.gnome.org/sources/tomboy/1.1/tomboy-1.1.4.sha256sum

Sandy



