From mboxrd@z Thu Jan 1 00:00:00 1970 From: Troy Sankey Subject: Re: Packaging packages with GPG signed source archives Date: Wed, 31 Aug 2016 16:42:03 -0400 Message-ID: <147267612379.23966.11891288083486079812@what> References: <87oa49crz1.fsf@gmail.com> <20160831172204.GB28096@jasmine> <87wpiwlmea.fsf@gnu.org> Mime-Version: 1.0 Content-Type: multipart/signed; protocol="application/pgp-signature"; micalg="pgp-sha256"; boundary="===============2121536606==" Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:48233) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bfCKr-00041y-Kh for help-guix@gnu.org; Wed, 31 Aug 2016 16:42:14 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bfCKq-0000tm-VA for help-guix@gnu.org; Wed, 31 Aug 2016 16:42:13 -0400 Content-Disposition: inline In-Reply-To: <87wpiwlmea.fsf@gnu.org> List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: help-guix-bounces+gcggh-help-guix=m.gmane.org@gnu.org Sender: "Help-Guix" To: Ludovic =?utf-8?Q?Court=C3=A8s?= , Arun Isaac Cc: help-guix --===============2121536606== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Quoting Ludovic Court=C3=A8s (2016-08-31 16:21:49) > (That said, more and more software is distributed via Git rather than as > tarballs, and most repos are unsigned; even if they were, there are > basically no tools to meaningfully authenticate a Git checkout=E2=80=A6) In that case, not all hope is lost---I've seen many projects sign git tags. Troy --===============2121536606== MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Description: signature Content-Type: application/pgp-signature; name="signature.asc"; charset="us-ascii" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 iQIcBAABCAAGBQJXx0EZAAoJEIRGmXXw0dCUWCMP/RnYnq2yhsmWqg5Nfu4zbOFc vgMBIiOOrQAJHR7Uxic1oiyXyK2LR6qkb4F1uwySsASunpaI7wQG5O2AlvZ2fERO n1YXLgJUQGozwigW6GXf9RhK1ZsH/2jnWnBECN0X7nUWpTsHCc4VEm4kr4jv5yHb Ce+oC/QZ7RLPdR8IMKo08q2OAx6tjUuQd2lAHCKY2XL0zmRy8mQW8vPW7Qmabs7N qYl2Ozw2O0bhpmkPAU+/bJLAPQqCzHHlKdYWKlfUYWAfBWE9SrpCyEDjydGZNKFs 9KScOZqz3Ay24tAykqOUqpGhax2tu6R9RMUj1+G4JLAN2RmD/YA1B1rX6MyYOpjW qQS6uviY4eaJIJEWVbgKVTD5KZwvnZnyWyu928aydULx5h3lUq8HMwUIkwBxKWzR YB45qsD6D89Z8YxBVPKn+mZDzPkz4e5DCRogl6aR1zPFr+7NNm5/qzBvyJfRW/dS 34qv0Pc8wiXh9RpKAa+1uzOpRQGTXcs7oiiv3O3oqhu7LVv/GlLqHbdOW1/9wcTA z8y1Zvggnoi/0DERHt2YJ9I8cgivxnPwxxkHFrO3HN4jHQZXvzwPEZ2n36Hi/iW9 9Ark/7J8gNoBC98vfxNTIDYkoU/CUxttjotX7HG61jVoaqVGLc+ml4D4rvrALTSb VEDs5lVeEjHYHMkxvcmX =obZu -----END PGP SIGNATURE----- --===============2121536606==--