Signing .tar files during release process

Andrew Bartlett abartlet at
Sat Mar 22 18:05:15 MDT 2014

On Sat, 2014-03-22 at 20:10 +0000, Jelmer Vernooij wrote:
> At the moment we're GPG signing .tar files during the release. The
> original reason (IIRC) for this was that we were publishing both .gz
> and .bz2 compressed versions of the tarball, but we're no longer doing
> that.
> Can we consider signing the .tar.gz file instead? This is more common
> and it is what various tools (e.g. Debian's upstream source
> checker) support.

The other reason was due to transparent decompression by MSIE, I think.

This is probably much less of an issue than it once was, and I agree,
the order we do it has caused confusion for the few users (compared with
automated tools) that do this.  Making it fall in line with common
practice elsewhere would be useful.

Andrew Bartlett

Andrew Bartlett             
Authentication Developer, Samba Team
Samba Developer, Catalyst IT

More information about the samba-technical mailing list