vsftpd in the news
Benjamin Lewis
ben.lewis at benl.co.uk
Tue Jul 5 17:43:44 UTC 2011
On 07/05/2011 05:15 PM, Adam Williamson wrote:
>
> I didn't see any suggestion that packages be *required* to have a
> signature, only that we somehow run an automated check on one if there
> is one.
>
> Rather than making specific Source numbers special case, why not just go
> on naming? The convention for signatures is to add an extension to the
> name of the tarball the signature is for; that shouldn't be too hard to
> implement, I don't think.
Surely the automated testing tool would need a way of being fed
known-trusted public keys in advance as well?
--
Benjamin Lewis
Returning Officer and Past-President
Durham Union Society
Mobile: +44 7540 379074 Office: +44 191 384 3724
Pemberton Buildings, Palace Green, Durham
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20110705/d5d44cf1/attachment.bin
More information about the devel
mailing list