Re: [dev] file integrity github project

From: Markus Teich <>
Date: Thu, 24 Aug 2017 00:21:47 +0200

Mattias Andrée wrote:
> * An alternative to signature files is to sign the tags in Git, and those
> that care enough could pull releases from git instead.

That is a nice idea. It doesn't require any extra signature/checksum file cruft
on the webserver. It can easily be made optional and is in the maintainers
hands if he wants to provide the signatures or not (with his own key).

Received on Thu Aug 24 2017 - 00:21:47 CEST

This archive was generated by hypermail 2.3.0 : Thu Aug 24 2017 - 00:24:16 CEST