Re: [Tbox-talk] GPG signatures

SourceForge Headquarters 1320 Columbia Street Suite 310 San Diego, CA 92101 +1 (858) 422-6466

Once we get the basic stuff straight we will have time for that. recipes
are rather simple though and for now we can certainly do without that.
S and P support md5sums to verify the integrity of the sources used.

On 27 Oct 2002, Timo Sirainen wrote:

> How about adding full support for GPG signed packages? Every package and
> recipe file would be GPG signed by it's maintainer and by default
> nothing would be installed if the signature didn't match an existing
> known key.
>
> Preferrably also support GPG signatures for original source packages if
> they're found, like:
>
> S ftp://foo/bar.tar.gz ftp://foo/bar.tar.gz.asc
>
> The signature in .asc file would then be verified to be signed with a
> key which is signed by the upm maintainer.
>
> Other than that I like most of the design and ideas.
>
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by: ApacheCon, November 18-21 in
> Las Vegas (supported by COMDEX), the only Apache event to be
> fully supported by the ASF. http://www.apachecon.com
> _______________________________________________
> Tbox-talk mailing list
> Tbo...@li...
> https://lists.sourceforge.net/lists/listinfo/tbox-talk
>