Re: signed tarballs
On Thu, Apr 06, 2017 at 06:27:08PM -0700, William Roberts wrote:
Why not just checkout the release with git?
Because this wouldn't solve the problem or do you use signed commits in
your linux-audit git repository? And even if you use signed commits I
really would appreciate if you would sign the tarball and provide a hash
for it on the release page. This would increase security a lot.
cheers,
chris
Attachments:
- signature.asc (application/pgp-signature — 833 bytes)