Re: [PATCH 00/13] Fixes for problems detected by Sparse

2015-03-09 Thread Jason A. Donenfeld
Great idea. Merged. Thanks John. ___ CGit mailing list CGit@lists.zx2c4.com http://lists.zx2c4.com/mailman/listinfo/cgit

Re: [PATCH] Check SHA256 sum of git-$VER.tar.gz after downloading

2015-03-09 Thread John Keeping
On Mon, Mar 09, 2015 at 03:39:29PM -0400, Todd Zullinger wrote: Those on the list can check the PGP signature on the announcement mail and then use the included SHA1 to check the tarball, but doing that as a non-list member isn't as easy due to many list archives stripping or mangling PGP

Re: [PATCH] Check SHA256 sum of git-$VER.tar.gz after downloading

2015-03-09 Thread Todd Zullinger
John Keeping wrote: On Sat, Mar 07, 2015 at 06:35:10PM -0500, Todd Zullinger wrote: But while we're on the subject, are there PGP signatures available for the cgit tarballs themselves? I know the git tags are signed, but I don't think I've seen detached signatures for the tarballs. In this

Re: [PATCH] Check SHA256 sum of git-$VER.tar.gz after downloading

2015-03-09 Thread Jason A. Donenfeld
Oh, hah, my pipermail does the same. That's annoying. I'll change up the release announcement next time to avoid that. On Mar 9, 2015 11:32 PM, Jason A. Donenfeld ja...@zx2c4.com wrote: On Mar 9, 2015 9:49 PM, John Keeping j...@keeping.me.uk wrote: It turns out that GMane mangles the list

Re: [PATCH] Check SHA256 sum of git-$VER.tar.gz after downloading

2015-03-09 Thread Jason A. Donenfeld
On Mar 9, 2015 9:49 PM, John Keeping j...@keeping.me.uk wrote: It turns out that GMane mangles the list address in the message, Better archives: http://lists.zx2c4.com/pipermail/cgit/ ___ CGit mailing list CGit@lists.zx2c4.com

Re: [PATCH] Check SHA256 sum of git-$VER.tar.gz after downloading

2015-03-09 Thread Jason A. Donenfeld
On Mar 8, 2015 12:35 AM, Todd Zullinger t...@pobox.com wrote: But while we're on the subject, are there PGP signatures available for the cgit tarballs themselves? I include a sha256 of the tarball in the announcement emails. Those emails are pgp signed. My pgp key is embedded in the repo, as

Re: [PATCH] Check SHA256 sum of git-$VER.tar.gz after downloading

2015-03-09 Thread Todd Zullinger
Jason A. Donenfeld wrote: On Mar 8, 2015 12:35 AM, Todd Zullinger t...@pobox.com wrote: But while we're on the subject, are there PGP signatures available for the cgit tarballs themselves? I include a sha256 of the tarball in the announcement emails. Those emails are pgp signed. My pgp key