Hi! How can I cryptographically verify libvirt releases? There are no signature/hash files in http://libvirt.org/sources/.
All I see is that your git release tags are PGP signed. So, anyone who cares has to ignore everything in http://libvirt.org/sources/ and needs to regenerate the tarball from git. Or do I miss something? -- Thanks, //richard -- libvir-list mailing list libvir-list@redhat.com https://www.redhat.com/mailman/listinfo/libvir-list
