Am Freitag, 24. Juli 2015, 09:54:07 schrieb Alan W. Irwin: > An additional and obvious security measure is to cryptographically > sign each file release with a detached armored signature, e.g., > > gpg --default-key <keyid> --detach-sign --armor cmake-3.3.0.tar.gz > > where keyid is a CMake release manager identification key (also created > and distributed by gpg).
While at it, one could use the same key to sign the tags in git at the same time ;) Greetings, Eike
signature.asc
Description: This is a digitally signed message part.
-- Powered by www.kitware.com Please keep messages on-topic and check the CMake FAQ at: http://www.cmake.org/Wiki/CMake_FAQ Kitware offers various services to support the CMake community. For more information on each offering, please visit: CMake Support: http://cmake.org/cmake/help/support.html CMake Consulting: http://cmake.org/cmake/help/consulting.html CMake Training Courses: http://cmake.org/cmake/help/training.html Visit other Kitware open-source projects at http://www.kitware.com/opensource/opensource.html Follow this link to subscribe/unsubscribe: http://public.kitware.com/mailman/listinfo/cmake-developers
