Signed-off-by: Michał Górny <>
 glep-0078.rst | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/glep-0078.rst b/glep-0078.rst
index ab28aed..733d8d7 100644
--- a/glep-0078.rst
+++ b/glep-0078.rst
@@ -228,6 +228,11 @@ If the Manifest is present, all files contained in the 
archive must
 be listed in it and verify successfully.  The package manager should
 ignore unknown files but preserve them across package updates.
+For a binary package to be considered signed and suitable for
+authenticity verification, the Manifest file must be present and contain
+a valid signature.  It is recommended to include detached signatures
+for archive members as well.
 Permitted .tar format features

Reply via email to