https://bugzilla.gnome.org/show_bug.cgi?id=794622

            Bug ID: 794622
           Summary: RFE:  'ftpadmin install' should allow install of a
                    detached GPG signature file alongside each tarball
    Classification: Infrastructure
           Product: sysadmin
           Version: unspecified
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: Normal
         Component: Other
          Assignee: [email protected]
          Reporter: [email protected]
        QA Contact: [email protected]
     GNOME version: ---

I want to be able to provide GPG signatures for tarballs of gtk-vnc I upload,
but the 'ftpadmin install' only appears to want tarballs as arguments.

It should allow the maintainer to provide a detached signature with a name of
'$TARBALL.asc', and upload that to the ftp site. This is more trustworthy than
the checksums ftpadmin creates, which can be easily tampered with at the same
time as the tarballs by a malicious actor.

This would of course mean the maintainer must provide the tarball in tar.xz
format, so that ftpadmin doesn't try to do tarball recompression, but that's
reasonable enough.

e.g. I would like to do

    ftpadmin install gtk-vnc-0.7.2.tar.xz gtk-vnc-0.7.2.tar.xz.asc

-- 
You are receiving this mail because:
You are watching the QA Contact of the bug.
You are watching the assignee of the bug.
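
The report's argument about checksums versus detached signatures, as an added example that is not part of the original bug report or of ftpadmin. Assumptions: a Lamport one-time signature built from `hashlib` stands in for GPG so the block runs with the standard library only, and the `.sha256sum` file name, the in-memory mirror dict and the tarball bytes are constructed for illustration.

```python
import hashlib
import secrets

def sha256(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def keygen():
    """Lamport one-time key pair (stand-in for the maintainer's GPG key)."""
    priv = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    pub = [(sha256(a), sha256(b)) for a, b in priv]
    return priv, pub

def bits(data: bytes):
    digest = sha256(data)
    return [(digest[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

def sign(priv, data: bytes):
    # Reveal one secret per digest bit; only the private-key holder can do this.
    return [priv[i][b] for i, b in enumerate(bits(data))]

def verify_sig(pub, data: bytes, sig) -> bool:
    return all(sha256(s) == pub[i][b] for i, (s, b) in enumerate(zip(sig, bits(data))))

def publish(priv, name, tarball):
    """What sits on the mirror after upload: tarball, checksum, detached signature."""
    return {name: tarball,
            name + ".sha256sum": hashlib.sha256(tarball).hexdigest(),  # assumed name
            name + ".asc": sign(priv, tarball)}

def tamper(mirror, name, new_bytes):
    """Write access to the mirror is enough to rewrite tarball and checksum together;
    the .asc cannot be regenerated without the private key, so it stays as it was."""
    out = dict(mirror)
    out[name] = new_bytes
    out[name + ".sha256sum"] = hashlib.sha256(new_bytes).hexdigest()
    return out

def check(mirror, pub, name):
    """Downloader side: the two verifications available for one tarball."""
    checksum_ok = mirror[name + ".sha256sum"] == hashlib.sha256(mirror[name]).hexdigest()
    return {"checksum_ok": checksum_ok,
            "signature_ok": verify_sig(pub, mirror[name], mirror[name + ".asc"])}

NAME = "gtk-vnc-0.7.2.tar.xz"
PRIV, PUB = keygen()  # PUB reaches downloaders out of band, like a GPG public key
CLEAN = publish(PRIV, NAME, b"constructed tarball bytes")
TAMPERED = tamper(CLEAN, NAME, b"constructed tarball bytes, modified")

if __name__ == "__main__":
    print("clean:   ", check(CLEAN, PUB, NAME))
    print("tampered:", check(TAMPERED, PUB, NAME))
```

The tampered mirror still passes the checksum comparison because the checksum is stored beside the tarball; only the signature check, anchored to a key that is not on the mirror, detects the change.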