Menu
▾
▴
RE: 1.030 RPM still unsigned?
|
From: David C. <co...@co...> - 2002-11-04 18:01:31
|
My experience in the past is that tar.gz's aren't really signed at this point, mostly just released with MD5 bitchecks. Now since I only develop and release small programs I find the MD5 bitcheck works perfectly well for myself. BTW Jamie, I'm on a system restoration contract right now, and someone handed me a server from early 2001 and was told "make it work". It had webmin 0.84 on it... Let me just say you should be extremly proud of how much Webmin has grown and prosper over this past year alone. David Wil Cooley <wc...@na...> wrote .. > > Yes, the RPM is still unsigned :( Jamie, do you need help with the GPG > part? No, I've figured out how to work GPG. I'm just looking for a solution for signing the .tar.gz packages of webmin and individual modules as well before putting out signed versions. Any idea how people usually handle the signing of .tar.gz files? With RPMs, the file format can handle the signature actually being part of the file, but that isn't the case with tarballs .. - Jamie |
