On Tuesday, April 11, 2017 6:44:13 AM EDT Christian Rebischke wrote:
On Mon, Apr 10, 2017 at 02:35:31PM -0400, Steve Grubb wrote:
> Nobody has ever asked for one. I literally build the package in Fedora
> within a few minutes of a release. Fedora has hashes of the audit tar
> file in the "sources" file in the build system in case you want any
> historical information:
>
>
http://pkgs.fedoraproject.org/cgit/rpms/audit.git/log/sources
Hello Steve,
well.. then I want to ask you if you could use gpg signatures in future
for your releases. We, at arch linux, are currently encouraging upstream
to use signed releases and https. It's just 5min of work and it's a big
step to a more secure internet. Thanks.
I added a sha256sum to the release announcement yesterday. You can also access
the people page via https.
-Steve