On Tuesday, April 11, 2017 6:44:13 AM EDT Christian Rebischke wrote: > On Mon, Apr 10, 2017 at 02:35:31PM -0400, Steve Grubb wrote: > > Nobody has ever asked for one. I literally build the package in Fedora > > within a few minutes of a release. Fedora has hashes of the audit tar > > file in the "sources" file in the build system in case you want any > > historical information: > > > > http://pkgs.fedoraproject.org/cgit/rpms/audit.git/log/sources > > Hello Steve, > well.. then I want to ask you if you could use gpg signatures in future > for your releases. We, at arch linux, are currently encouraging upstream > to use signed releases and https. It's just 5min of work and it's a big > step to a more secure internet. Thanks.
I added a sha256sum to the release announcement yesterday. You can also access the people page via https. -Steve -- Linux-audit mailing list [email protected] https://www.redhat.com/mailman/listinfo/linux-audit
