URL:
<http://savannah.nongnu.org/bugs/?37428>
Summary: GPG signatures and downloading over TLS
Project: WeeChat
Submitted by: abelxluck
Submitted on: Sun 23 Sep 2012 04:38:21 PM GMT
Category: packaging
Severity: 3 - Normal
Item Group: security
Status: None
Privacy: Public
Assigned to: None
Originator Name:
Originator Email:
Open/Closed: Open
Discussion Lock: Any
Release: other
IRC nick: abeluck
_______________________________________________________
Details:
Hi there, I can't seem to find any signatures to download and verify along
side the binary packages or source tarballs.
Most users probably get weechat from their distro's packages, but as far as I
can tell, the packagers have no way to verify the authenticity of the source
tarballs they download.
It would be great if the download page could link to the signature, moreover,
if the downloads were available for TLS, that would be useful as well.
If you have any questions about how to implement GPG signing/verification into
the release process, let me know, I'd be more than happy to help.
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?37428>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
_______________________________________________
Weechat-dev mailing list
[email protected]
https://lists.nongnu.org/mailman/listinfo/weechat-dev
