В Thu, 07 Dec 2017 22:57:39 +0000, Ivan Vučica написа:
> Actual signature *will* be performed with the correct maintainer GPG
> key!
I don't quite understand this sentence -- does it mean that the actual
tag/release at the official GitHub GNUstep repository will be signed
with the GNUstep maintainer key and you only used your key for the
preview release? If so, it makes perfect sense.
If I understood everything correctly, the .tar.gz and the accompanied
.sig as generated from the git tag on GitHub will be exactly the same
as those published at ftp.gnustep.org. How quickly will the files
propagate to ftp.gnustep.org? Do we (Debian) have to adjust the
(tar.gz/.sig) location to GitHub or we can continue to use
ftp.gnustep.org?
P.S. I'd suggest to advertise widely this new feature of GNUstep Make
and recommend that all developers GPG-sign their releases.
_______________________________________________
Gnustep-dev mailing list
Gnustep-dev@gnu.org
https://lists.gnu.org/mailman/listinfo/gnustep-dev
