Hi all, As we have everything required for the M5 release I'm going to complete it today.
Thank you for your votes and ideas! On Thu, Mar 2, 2017 at 4:49 PM, Aristedes Maniatis <a...@maniatis.org> wrote: > On 2/3/17 8:51pm, Andrus Adamchik wrote: >> >> >>> On Mar 2, 2017, at 11:55 AM, Aristedes Maniatis <a...@maniatis.org> wrote: >>> >>> Would it help if we set up a Jenkins job to create the build artifacts then >>> we have an easier to verify chain from source checkout to artifact creation? >> >> It most certainly will. How do we sign the files though? > > There can still be a step of downloading the files from jenkins, signing and > uploading. md5 hashes are still there for verifying the Jenkins output is > intact. > > I'm not sure how we verify that Jenkins itself isn't compromised, but perhaps > we can ask what others do. > > > Ari > > > > -- > --------------------------> > Aristedes Maniatis > GPG fingerprint CBFB 84B4 738D 4E87 5E5C 5EFA EF6A 7D2E 3E49 102A -- Best regards, Nikita Timofeev
