On Sat, Jan 16, 2021 at 09:35:55AM -0500, Ryan Kavanagh wrote: > Please allow users to specify arbitrary scripts to verify upstream > release tarballs. For example, the OpenSMTPD and OpenBSD projects use > signify-openbsd (from the signify-openbsd package) instead of GnuPG to > verify their releases.
I suppose that's a fine feature to add, however keep in mind that the upstrem gpg signatures have a much wider support, including in dpkg itself. Perhaps you may wish to start a broader discussion about this topic and get dpkg & friends onboard? -- regards, Mattia Rizzolo GPG Key: 66AE 2B4A FCCF 3F52 DA18 4D18 4B04 3FCD B944 4540 .''`. More about me: https://mapreri.org : :' : Launchpad user: https://launchpad.net/~mapreri `. `'` Debian QA page: https://qa.debian.org/developer.php?login=mattia `-
signature.asc
Description: PGP signature