On Tue, Jul 2, 2013 at 1:02 PM, Ian Romanick <[email protected]> wrote: > 2. Instead of just posting md5sum for the release tarballs, I think we > should start GPG signing them. I'm not sure what sort of process we want to > establish for this. Should they just be signed by the release managers key? > Is this easier than I think it is?
GPG sign the git tag (git tag -s) and the announce email which contains the md5/sha sums. That's how X.Org releases are done. _______________________________________________ mesa-dev mailing list [email protected] http://lists.freedesktop.org/mailman/listinfo/mesa-dev
