Re: signed tarballs
On Saturday, April 8, 2017 8:53:10 AM EDT Paul Moore wrote:
> I am the maintainer of 'audit' in the official Arch
Linux Repositories.
> Is there a reason why you don't provide a signature file for the
> releases nor a checksum or am I just stupid and can't find it on your
> website: https://people.redhat.com/sgrubb/audit/ ?
Steve seems to be posting audit userspace releases both on his Red Hat
people page and on GitHub; I'm not sure which he considers to be the
"authoritative" release, he'll have to answer that.
https://github.com/linux-audit/audit-userspace/releases
I consider the ones from the people page to be authoritative because its been
converted from raw, unprocessed development files to a distribution tarball by
use of the autotools. This involves running autogen.sh, ./configure, and then
make dist-check. Starting with the 2.7.5 release, I changed the naming
convention on github to make sure people can tell the difference when looking
at the release from the people page vs github.
-Steve