Re: Packaging packages with GPG signed source archives

help-guix

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Packaging packages with GPG signed source archives

From:	Ludovic Courtès
Subject:	Re: Packaging packages with GPG signed source archives
Date:	Thu, 01 Sep 2016 10:29:16 +0200
User-agent:	Gnus/5.13 (Gnus v5.13) Emacs/24.5 (gnu/linux)

Troy Sankey <address@hidden> skribis:

> Quoting Ludovic Courtès (2016-08-31 16:21:49)
>> (That said, more and more software is distributed via Git rather than as
>> tarballs, and most repos are unsigned; even if they were, there are
>> basically no tools to meaningfully authenticate a Git checkout…)
>
> In that case, not all hope is lost---I've seen many projects sign git tags.

Indeed, but signing is the easy part.  :-)

  http://debbugs.gnu.org/cgi/bugreport.cgi?bug=22883#73

Ludo’.

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Packaging packages with GPG signed source archives, Ludovic Courtès <=
- Re: Packaging packages with GPG signed source archives, Ludovic Courtès, 2016/09/01
  - Re: Packaging packages with GPG signed source archives, ng0, 2016/09/02
    - Re: Packaging packages with GPG signed source archives, Ludovic Courtès, 2016/09/02
    - Re: Packaging packages with GPG signed source archives, ng0, 2016/09/02

Prev by Date: Re: Cross-building GuixSD (and maybe using pre-built toolchains)
Next by Date: Re: Packaging packages with GPG signed source archives
Previous by thread: Re: Cross-building GuixSD (and maybe using pre-built toolchains)
Next by thread: Re: Packaging packages with GPG signed source archives
Index(es):
- Date
- Thread