On 04/06/18 09:23 +0200, Jan Pokorný wrote:
> As a second step, it might also be wise to start offering release
> tarballs elsewhere, preferably OpenPGP-signed proper releases
> (as in "make dist" or the like) -- then it can be served practically
> from whatever location without imminent risk of being tampered with.

Meanwhile in Gitea land (another alternative for self-hosting):
https://github.com/go-gitea/gitea/issues/4167

A practical demonstration of why to sign releases (tags, commits...), and
why the permissions aspect of mixing proprietary and self-managed
services sucks.

-- 
Poki
_______________________________________________
Developers mailing list
Developers@clusterlabs.org
https://lists.clusterlabs.org/mailman/listinfo/developers