From mboxrd@z Thu Jan 1 00:00:00 1970 From: Andreas Enge Subject: Re: Checking signatures on source tarballs Date: Wed, 7 Oct 2015 10:29:58 +0200 Message-ID: <20151007082958.GA4419@debian> References: <1443791046-1015-1-git-send-email-alezost@gmail.com> <1443791046-1015-3-git-send-email-alezost@gmail.com> <87d1wvadw2.fsf@gnu.org> <87bnceah2e.fsf@gmail.com> <87r3la6077.fsf@gnu.org> <87eghalc7s.fsf@gmail.com> <87wpv1tils.fsf@gnu.org> <87a8rwf2vl.fsf@gmail.com> <8737xntorr.fsf_-_@netris.org> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:46854) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Zjk70-00043K-9m for guix-devel@gnu.org; Wed, 07 Oct 2015 04:30:10 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1Zjk6v-0001BQ-BQ for guix-devel@gnu.org; Wed, 07 Oct 2015 04:30:10 -0400 Received: from mout.kundenserver.de ([212.227.17.10]:52707) by eggs.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1Zjk6v-00016u-2s for guix-devel@gnu.org; Wed, 07 Oct 2015 04:30:05 -0400 Content-Disposition: inline In-Reply-To: <8737xntorr.fsf_-_@netris.org> List-Id: "Development of GNU Guix and the GNU System distribution." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org Sender: guix-devel-bounces+gcggd-guix-devel=m.gmane.org@gnu.org To: Mark H Weaver Cc: guix-devel@gnu.org, Alex Kost This sounds all very good. In practice, the difference would unfortunately be only slight: Most packages have no signature, mainly the gnu packages do. But it would be useful for the cases where signatures exist, and show our commitment to security. Andreas