Re: signed tarballs
On Thursday, April 6, 2017 7:31:35 PM EDT Christian Rebischke wrote:
Hello,
I am the maintainer of 'audit' in the official Arch Linux Repositories.
Is there a reason why you don't provide a signature file for the
releases nor a checksum or am I just stupid and can't find it on your
website: https://people.redhat.com/sgrubb/audit/ ?
Nobody has ever asked for one. I literally build the package in Fedora within
a few minutes of a release. Fedora has hashes of the audit tar file in the
"sources" file in the build system in case you want any historical
information:
http://pkgs.fedoraproject.org/cgit/rpms/audit.git/log/sources
-Steve