[ANNOUNCE] libevdev 1.2
Stephen Kitt
skitt at debian.org
Mon May 5 15:06:13 PDT 2014
On Sun, 04 May 2014 11:43:18 +1000, Peter Hutterer <peter.hutterer at who-t.net>
wrote:
> On 3/05/2014 21:21 , Stephen Kitt wrote:
> > On Wed, 30 Apr 2014 15:25:41 +1000, Peter Hutterer
> > <peter.hutterer at who-t.net> wrote:
> >> http://www.freedesktop.org/software/libevdev/libevdev-1.2.tar.xz
> >> MD5: 220b17e015876cc045bddd891ab4fdc3 libevdev-1.2.tar.xz
> >> SHA1: 787fc00c1ee023a179b46e57d6b5f7d84403c040 libevdev-1.2.tar.xz
> >> SHA256: 4195618067c01d915f67ad3034e89aaa597f5d548dbdd31fa12c569d4bf5a440
> >> libevdev-1.2.tar.xz
> >
> > This, along with your signed announcement, means that the integrity of the
> > archives can be checked properly manually; thanks!
> >
> > Would it also be possible to upload detached signatures to the archive,
> > alongside the tarballs? That way the signatures could be checked
> > automatically by the Debian infrastructure...
>
> We're using the release script from xorg:
> http://cgit.freedesktop.org/xorg/util/modular/tree/release.sh
>
> Feel free to send me patches to add the format you need. Though I do
> wonder: the tarball isn't available over https so I'm not sure what
> adding a separate file with checksums would add, especially if it's on
> the same server.
OK, I'll look into it.
I wasn't thinking of adding a separate file with checksums, but of adding a
detached gnupg signature, which is verifiable with out-of-band information,
given that your key is well connected in the WoT. (And while I'm at it,
signing the git tag.)
Regards,
Stephen
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
URL: <http://lists.freedesktop.org/archives/input-tools/attachments/20140506/957c34d3/attachment.sig>
More information about the Input-tools
mailing list