Bill Fenner <> wrote:
    > mcr suggested:
    >> I wonder if we should nuke our own make tarball system.

    > The creation of a tarball and its signature gives a place to hang one's 
    > about origin of code - "someone with the right key claims that this 
    > genuinely reflects what the project wants to distribute".  Is there a
    > similar mechanism for a git tag?

Yes, git tag -s, lets you sign a commit with a PGP key.

tcpdump-workers mailing list --
To unsubscribe send an email to

Reply via email to