-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On Tue, 26 Oct 2021, Robert J. Hansen via Gnupg-users wrote:
all is well and good. At least, on Windows. But what about linux?
As a general rule, Windows signs executables more than it signs packages;
Linux signs packages more than it signs
Why not do a detached signature using e.g. gpg -sb --output file.sig
file? Then, someone can run gpg --verify file.sig file to ensure that
the signature is valid.
(a) because the OP specifically said he was looking for integrated
signatures, and
(b) detached signatures have a way of getting
all is well and good. At least, on Windows. But what about linux?
As a general rule, Windows signs executables more than it signs
packages; Linux signs packages more than it signs executables. The best
practice seems to be to use GnuPG to attach a digital signature to an
RPM or DEB (or Snap
On Tue, 26 Oct 2021 16:08:56 +0100
Andrew Marlow via Gnupg-users wrote:
> For some time now where I work there has been a rule saying "thou shalt add
> a digital signature to every executable and shared library when shipping
> software designed to run on Windows". This is quite doable and all is
12021/07/18 04:64.54 ನಲ್ಲಿ, Andrew Marlow via Gnupg-users
ಬರೆದರು:
> Hello everyone,
>
> For some time now where I work there has been a rule saying "thou shalt add a
> digital signature to every executable and shared library when shipping
> software
> designed to run on Windows". This is quite
Hello everyone,
For some time now where I work there has been a rule saying "thou shalt add
a digital signature to every executable and shared library when shipping
software designed to run on Windows". This is quite doable and all is well
and good. At least, on Windows. But what about linux? The
