On Sat, Jan 16, 2021 at 09:35:55AM -0500, Ryan Kavanagh wrote:
> Please allow users to specify arbitrary scripts to verify upstream
> release tarballs. For example, the OpenSMTPD and OpenBSD projects use
> signify-openbsd (from the signify-openbsd package) instead of GnuPG to
> verify their releases.

I suppose that's a fine feature to add, however keep in mind that the
upstream gpg signatures have a much wider support, including in dpkg
itself.
Perhaps you may wish to start a broader discussion about this topic and
get dpkg & friends onboard?

-- 
regards,
                        Mattia Rizzolo

GPG Key: 66AE 2B4A FCCF 3F52 DA18  4D18 4B04 3FCD B944 4540      .''`.
More about me:  https://mapreri.org                             : :'  :
Launchpad user: https://launchpad.net/~mapreri                  `. `'`
Debian QA page: https://qa.debian.org/developer.php?login=mattia  `-
