On Sun, Jun 28, 2015 at 06:02:01PM +0200, Guilhem Moulin wrote: > I'm currently helping out packaging dropbear for Debian [0]. As > mentioned on your webpage the drobpear package is currently rather > outdated (even sid is lagging behind with 2014.65-1), and in order to > reduce the delays between upstream and package releases I'd like to make > the import of upstream tarballs easier. <snip> > This would make importing further releases much easier :-) In a > nutshell this is what I have in mind: > > ./dropbear-2015.67.tar.bz2 > ./dropbear-2015.67.tar.bz2.sig (or .asc for armored files) > ./SHA256SUM (optional) <snip> > Also risking nitpicking, you could also modify your gpg(1) digest > preferences to something stronger than SHA1 [1] :-P For instance:
Hi Guilhem, New Debian packages would be great. I've signed releases/dropbear-2015.67.tar.bz2.sig for the latest one so far, I'll keep more for future releases. Making a new pgp key has been on my todo list so there is now a Dropbear Release Key. (The old key is DSA so seemed to only make SHA1 signatures) https://matt.ucc.asn.au/dropbear/releases/dropbear-key-2015.asc pub 4096R/F29C6773 2015-06-29 Key fingerprint = F734 7EF2 EE2E 07A2 6762 8CA9 4493 1494 F29C 6773 uid Dropbear SSH Release Signing <m...@ucc.asn.au> It's signed by the old key and my new personal key pub 4096R/C20BBAAC 2015-06-29 Key fingerprint = 1F1A F0BB EC7C F375 9FFA 1191 F498 3012 C20B BAAC uid Matt Johnston <m...@ucc.asn.au> sub 4096R/D5581050 2015-06-29 Cheers, Matt