On Sun, Feb 08, 2015 at 09:04:28PM +0100, Nikos Mavrogiannopoulos wrote: > On Sat, 2015-02-07 at 23:01 +0100, Phil Sutter wrote: > > - Fixed 'make dist', replacing most of the manual work in it with a > > simple call to 'git archive' while doing so. > > - Incremented Makefile's VERSION variable. > > - Tagged master with my own signature. > > - Used 'make dist' to create a new tarball and signature, which I > > uploaded to gna.org. > > - pushed master along with the new tag to Github. (Actually, I pushed > > all earlier tags by accident as well ...) > > It looks fine to me. Maybe the tarballs in gna.org are superfluous. The > releases are already available as tarballs in > https://github.com/cryptodev-linux/cryptodev-linux/releases > If you make the tag with "-s" I guess that's equivalent to signing the > tarball. But I haven't actually checked that.
Hmm, indeed. Although Github obviously does not understand the tag naming scheme. Therefore the tarball's basename and it's internally used prefix is 'cryptodev-linux-cryptodev-linux-1.7'. Obviously they are created using git-archive as well, so at least for 1.7 the content is identical. Regarding signed tags: signature verification is only possible with the actual tag in git at hand ('git tag -v cryptodev-linux-1.7' in this case). The Github generated tarballs are stripped from any git info (besides .gitignore), of course. So in fact, data integrity can only be fully assured by fetching the tarball with associated signature from gna.org. Cheers, Phil _______________________________________________ Cryptodev-linux-devel mailing list Cryptodev-linux-devel@gna.org https://mail.gna.org/listinfo/cryptodev-linux-devel