Re: [Tbox-talk] GPG signatures
Status: Inactive
Brought to you by:
clameter
Menu
▾
▴
Re: [Tbox-talk] GPG signatures
|
From: Christoph L. <chr...@la...> - 2002-10-29 01:36:47
|
Once we get the basic stuff straight we will have time for that. recipes are rather simple though and for now we can certainly do without that. S and P support md5sums to verify the integrity of the sources used. On 27 Oct 2002, Timo Sirainen wrote: > How about adding full support for GPG signed packages? Every package and > recipe file would be GPG signed by it's maintainer and by default > nothing would be installed if the signature didn't match an existing > known key. > > Preferrably also support GPG signatures for original source packages if > they're found, like: > > S ftp://foo/bar.tar.gz ftp://foo/bar.tar.gz.asc > > The signature in .asc file would then be verified to be signed with a > key which is signed by the upm maintainer. > > Other than that I like most of the design and ideas. > > > > ------------------------------------------------------- > This SF.net email is sponsored by: ApacheCon, November 18-21 in > Las Vegas (supported by COMDEX), the only Apache event to be > fully supported by the ASF. http://www.apachecon.com > _______________________________________________ > Tbox-talk mailing list > Tbo...@li... > https://lists.sourceforge.net/lists/listinfo/tbox-talk > |