Hi everyone, it would be awesome if rsyslog (and the related projects like librelp, liblogging, libestr, ...) would come with cryptographic signatures for the downloadable tarballs, like e.g the Linux kernel does [0]
This way one can verify that a tarball has been not been tampered with. The Debian infrastructure can already make use of that via the uscan [1] tool, which I personally use to pull the latest upstream tarballs. See also the relevant Debian bug report [2]. Providing those signatures also sends a clear message that security is a top concern for rsyslog. Regards, Michael [0] https://www.kernel.org/signature.html [1] https://wiki.debian.org/debian/watch/#Cryptographic_signature_verification [2] https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=610712 -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth? _______________________________________________ rsyslog mailing list http://lists.adiscon.net/mailman/listinfo/rsyslog http://www.rsyslog.com/professional-services/ What's up with rsyslog? Follow https://twitter.com/rgerhards NOTE WELL: This is a PUBLIC mailing list, posts are ARCHIVED by a myriad of sites beyond our control. PLEASE UNSUBSCRIBE and DO NOT POST if you DON'T LIKE THAT.
