From mboxrd@z Thu Jan  1 00:00:00 1970
From: Steve Grubb <sgrubb@redhat.com>
Subject: Re: signed tarballs
Date: Mon, 10 Apr 2017 14:35:31 -0400
Message-ID: <3197080.UOV2hoHuAT@x2>
References: <20170406233134.GA32113@motoko>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Return-path: <linux-audit-bounces@redhat.com>
In-Reply-To: <20170406233134.GA32113@motoko>
List-Unsubscribe: <https://www.redhat.com/mailman/options/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=unsubscribe>
List-Archive: <https://www.redhat.com/archives/linux-audit>
List-Post: <mailto:linux-audit@redhat.com>
List-Help: <mailto:linux-audit-request@redhat.com?subject=help>
List-Subscribe: <https://www.redhat.com/mailman/listinfo/linux-audit>,
	<mailto:linux-audit-request@redhat.com?subject=subscribe>
Sender: linux-audit-bounces@redhat.com
Errors-To: linux-audit-bounces@redhat.com
To: linux-audit@redhat.com
List-Id: linux-audit@redhat.com

On Thursday, April 6, 2017 7:31:35 PM EDT Christian Rebischke wrote:
> Hello,
> I am the maintainer of 'audit' in the official Arch Linux Repositories.
> Is there a reason why you don't provide a signature file for the
> releases nor a checksum or am I just stupid and can't find it on your
> website: https://people.redhat.com/sgrubb/audit/ ?

Nobody has ever asked for one. I literally build the package in Fedora within 
a few minutes of a release. Fedora has hashes of the audit tar file in the 
"sources" file in the build system in case you want any historical 
information:

http://pkgs.fedoraproject.org/cgit/rpms/audit.git/log/sources

-Steve