Follow-up Comment #4, bug #23510 (project findutils):
Would you accept alternate verification of this release, such as a gpg signed
email asserting the SHA1 sum of the primary tarball, using a newer key to sign
the mail?
That would be fine with me as long as I can verify the signature.
It's possible (albeit a bit more difficult) to update the .sig on the FTP
site; do we need to look into taking the action of posting a replacement .sig
with a newer key?
As far as I'm concerned, no. The alternative method sounds fine.
I would wait for the next release but I've been trying to help a user in a
support forum and that user has tried updating to the current version of
findutils because we thought that would solve the problem. If I can update,
too, it would help us narrow the problem down.
Thanks for your help.
_______________________________________________________
Reply to this item at:
<http://savannah.gnu.org/bugs/?23510>
_______________________________________________
Message sent via/by Savannah
http://savannah.gnu.org/
