Signing .tar files during release process
abartlet at samba.org
Sat Mar 22 18:05:15 MDT 2014
On Sat, 2014-03-22 at 20:10 +0000, Jelmer Vernooij wrote:
> At the moment we're GPG signing .tar files during the release. The
> original reason (IIRC) for this was that we were publishing both .gz
> and .bz2 compressed versions of the tarball, but we're no longer doing
> Can we consider signing the .tar.gz file instead? This is more common
> and it is what various tools (e.g. Debian's upstream source
> checker) support.
The other reason was due to transparent decompression by MSIE, I think.
This is probably much less of an issue than it once was, and I agree,
the order we do it has caused confusion for the few users (compared with
automated tools) that do this. Making it fall in line with common
practice elsewhere would be useful.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba-technical