From: William Roberts <bill.c.roberts@gmail.com>
To: Christian Rebischke <Chris.Rebischke@archlinux.org>
Cc: linux-audit@redhat.com
Subject: Re: signed tarballs
Date: Fri, 7 Apr 2017 16:52:57 -0700 [thread overview]
Message-ID: <CAFftDdobcW4PKP+c4A=72YecbtG5YZS4ZdKX_bt14oarJfjJGg@mail.gmail.com> (raw)
In-Reply-To: <20170407234124.GA11400@motoko>
[-- Attachment #1.1: Type: text/plain, Size: 663 bytes --]
On Apr 7, 2017 4:41 PM, "Christian Rebischke" <Chris.Rebischke@archlinux.org>
wrote:
On Thu, Apr 06, 2017 at 06:27:08PM -0700, William Roberts wrote:
> Why not just checkout the release with git?
Because this wouldn't solve the problem or do you use signed commits in
your linux-audit git repository?
As long as you use a secure protocol and trust his repo signing the tags
doesn't give you all that much.
And even if you use signed commits I
really would appreciate if you would sign the tarball and provide a hash
for it on the release page. This would increase security a lot.
Yes agreed there, at least HTTPS connections are available.
cheers,
chris
[-- Attachment #1.2: Type: text/html, Size: 1560 bytes --]
[-- Attachment #2: Type: text/plain, Size: 0 bytes --]
next prev parent reply other threads:[~2017-04-07 23:52 UTC|newest]
Thread overview: 25+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-04-06 23:31 signed tarballs Christian Rebischke
2017-04-07 1:27 ` William Roberts
2017-04-07 23:41 ` Christian Rebischke
2017-04-07 23:52 ` William Roberts [this message]
2017-04-08 12:53 ` Paul Moore
2017-04-10 18:51 ` Steve Grubb
2017-04-10 18:35 ` Steve Grubb
2017-04-11 10:44 ` Christian Rebischke
2017-04-11 14:03 ` Steve Grubb
2017-04-13 20:28 ` Christian Rebischke
2017-04-13 20:30 ` William Roberts
2017-04-13 20:43 ` Steve Grubb
2017-04-13 20:56 ` Christian Rebischke
2017-04-13 21:00 ` William Roberts
2017-04-13 21:05 ` Paul Moore
2017-04-13 21:08 ` William Roberts
2017-04-13 21:17 ` Paul Moore
2017-04-13 22:39 ` William Roberts
2017-04-13 21:22 ` Christian Rebischke
2017-04-13 22:45 ` William Roberts
2017-04-13 23:17 ` Steve Grubb
2017-04-13 22:25 ` Steve Grubb
2017-04-14 13:06 ` Paul Moore
2017-04-14 13:38 ` Steve Grubb
2017-04-14 23:03 ` Christian Rebischke
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to='CAFftDdobcW4PKP+c4A=72YecbtG5YZS4ZdKX_bt14oarJfjJGg@mail.gmail.com' \
--to=bill.c.roberts@gmail.com \
--cc=Chris.Rebischke@archlinux.org \
--cc=linux-audit@redhat.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.