From mboxrd@z Thu Jan 1 00:00:00 1970 From: Christian Rebischke Subject: Re: signed tarballs Date: Tue, 11 Apr 2017 12:44:13 +0200 Message-ID: <20170411104403.GB386@motoko> References: <20170406233134.GA32113@motoko> <3197080.UOV2hoHuAT@x2> Mime-Version: 1.0 Content-Type: multipart/mixed; boundary="===============6852986266789571206==" Return-path: Received: from mx1.redhat.com (ext-mx02.extmail.prod.ext.phx2.redhat.com [10.5.110.26]) by smtp.corp.redhat.com (Postfix) with ESMTPS id EA1E87F65A for ; Tue, 11 Apr 2017 10:44:23 +0000 (UTC) Received: from mout02.posteo.de (mout02.posteo.de [185.67.36.142]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by mx1.redhat.com (Postfix) with ESMTPS id 5E83E7E9C0 for ; Tue, 11 Apr 2017 10:44:21 +0000 (UTC) In-Reply-To: <3197080.UOV2hoHuAT@x2> List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: Steve Grubb Cc: linux-audit@redhat.com List-Id: linux-audit@redhat.com --===============6852986266789571206== Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="/e2eDi0V/xtL+Mc8" Content-Disposition: inline --/e2eDi0V/xtL+Mc8 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline Content-Transfer-Encoding: quoted-printable On Mon, Apr 10, 2017 at 02:35:31PM -0400, Steve Grubb wrote: > Nobody has ever asked for one. I literally build the package in Fedora wi= thin=20 > a few minutes of a release. Fedora has hashes of the audit tar file in th= e=20 > "sources" file in the build system in case you want any historical=20 > information: >=20 > http://pkgs.fedoraproject.org/cgit/rpms/audit.git/log/sources >=20 Hello Steve, well.. then I want to ask you if you could use gpg signatures in future for your releases. We, at arch linux, are currently encouraging upstream to use signed releases and https. It's just 5min of work and it's a big step to a more secure internet. Thanks. chris --/e2eDi0V/xtL+Mc8 Content-Type: application/pgp-signature; name="signature.asc" -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEba97gI+d8lE5YgAA0hRh49/iBg0FAljss3sACgkQ0hRh49/i Bg0FUg/7B75wTU5KYzmZwFceNpb6nymDvnUTsWoAG+EKk2yoCk2FTFw9Y/y09D+k TXlwNBOg1oRHcd3Kdq1pEa/TszzAEpOX92zt1cmMP7B/IOPfdKAwV4cNqlaxai+9 jv0/NUjWLvk5rm39OsZWFCcFl5gRTz2g5QmHlEhv8e8mN0gi/JVygSqQZLDT8hU3 AU1gNtXk5X6lMfb4hiW3/61tko+jgIJ9wLa9etordWSZ3JvXqGyJfKRMvbVKeykB QFh6EmQ2WTRtk/EAtbWEGxiVinnKZcvsePuaUh+vv2liFoUqIQQOEr7DrUM2eXRu JsKuCYpDZDfLlQlBDY7yLyT47arYdKvhdI/q+Z5gZPtDMXT0vSWaGTZscDy2I3xP gGzm10NZe4Ypny3hKEjb88cz++jP7/IbGKmu7fFOjfwIO1Fw4v9cYIQJrEfmXOg0 WfSbhU6HGZDlNZoKKpXP8U8hIvlBH6wUK4SYxYczIYR6eu4kLH9HEN5i2Z+JWL92 RIZvM6vaqjiYyoTkm3S4xOLfVH/MbPbkqCzrQZv6or/h1E8aRI+JoS9qXSSRf1rZ +hOEC72UCcz+eh3v5lqOO6y50hHHw9tYJOn8Y+WWMqtGLxTO0a2TI6qeUDOaLCgC yWiPYO1erD+0hfxeXMsSZaNnI65NQkNSQ5C7VqZs0dIjI4UF6UA= =T5tB -----END PGP SIGNATURE----- --/e2eDi0V/xtL+Mc8-- --===============6852986266789571206== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline --===============6852986266789571206==--