https://bugzilla.gnome.org/show_bug.cgi?id=645565
sysadmin | Blue Sky | unspecified
Summary: Please add digital signatures to tarballs
Classification: Infrastructure
Product: sysadmin
Version: unspecified
OS/Version: Linux
Status: UNCONFIRMED
Severity: enhancement
Priority: Normal
Component: Blue Sky
AssignedTo: [email protected]
ReportedBy: [email protected]
QAContact: [email protected]
GNOME target: ---
GNOME version: ---
This was discussed on d-d-l:
> OTOH I’d really appreciate to see digital signatures along with the
> tarballs.
We don't have signatures, so I'd like (need) loads of detail:
1. What guarantee is expected?
e.g. 100% trust it was uploaded by the maintainer vs 'comes from
random person who has the ability to upload things @ GNOME'
2. How to handle digital signatures securely?
e.g. is there is a breakin, having someone steal the private key
would be really bad, as signatures imply trust.
3. How to expire, announce new versions, get the initial trust, etc?
... basically how is the infrastructure bit handled at Debian/ some
other distro
--
Configure bugmail: https://bugzilla.gnome.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are watching the QA contact of the bug.
You are watching the assignee of the bug.
_______________________________________________
gnome-infrastructure mailing list
[email protected]
http://mail.gnome.org/mailman/listinfo/gnome-infrastructure
