Santiago Torres-Arias <santi...@archlinux.org> writes: > I'm currently thinking of adopting the Python-opencl package on the Arch > Linux community repositories. I noticed that there are no tarball > signatures or signed tags for the sources. > > Is this intentional? I'd be more than convenient security-wise to have a > (or a set) key that I could trust when building the package :)
Thanks for the suggestion. I've started doing this on a few of my packages (e.g. [1]) and will try to remember to keep it up. Feel free to ping me if I forget. I've also started signing my email again. The key I'll use is the same I used to sign this email. Andreas [1] https://github.com/inducer/meshpy/releases/tag/v2018.1.1
signature.asc
Description: PGP signature
_______________________________________________ PyOpenCL mailing list PyOpenCL@tiker.net https://lists.tiker.net/listinfo/pyopencl
