On Thu, Jun 6, 2024, 10:42 PM Cristian Rodríguez <crist...@rodriguez.im> wrote:
> On Thu, Jun 6, 2024 at 10:16 PM Nikolaos Chatzikonstantinou via c-ares > <c-ares@lists.haxx.se> wrote: > > > Nice! As soon as I tried to demonstrate it, both the signature and the > > contents were mangled by gmail. Well, you know what, just attach a > > signature file with `gpg --sign --detach`. Sigh, how comedic. > > This stuff ..is broken internet-wide. so no surprise. > It doesn't matter anyway. people should pull releases from signed git > tags instead and reject stuff not signed by the release managers. > Yes, that will do it, so e.g. a signed tag on a commit that includes a NEWS entry on new dev keys introduced, or a signed tarball release.
-- c-ares mailing list c-ares@lists.haxx.se https://lists.haxx.se/mailman/listinfo/c-ares