On Tue 2019-03-19 07:08:18 -0300, David Bremner wrote: > To quote id:[email protected] > > if the thing verified is the output of sha256sum, then the > *filename* of the tarball itself is included, then the standard > verification step will is sufficient to ensure that you've got the right > version in the filename. > > This is in addition to the detached signature on the tarball
I think the 3-part series i published starting at id:[email protected] supercedes this patch. thanks for maintaining our release processes, David! --dkg
signature.asc
Description: PGP signature
_______________________________________________ notmuch mailing list [email protected] https://notmuchmail.org/mailman/listinfo/notmuch
