[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Weechat-dev] [bug #37428] GPG signatures and downloading over TLS

From: Abel Luck
Subject: [Weechat-dev] [bug #37428] GPG signatures and downloading over TLS
Date: Sun, 23 Sep 2012 16:38:21 +0000
User-agent: Mozilla/5.0 (Windows NT 6.1; rv:10.0) Gecko/20100101 Firefox/10.0


                 Summary: GPG signatures and downloading over TLS
                 Project: WeeChat
            Submitted by: abelxluck
            Submitted on: Sun 23 Sep 2012 04:38:21 PM GMT
                Category: packaging
                Severity: 3 - Normal
              Item Group: security
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: 
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
                 Release: other
                IRC nick: abeluck



Hi there, I can't seem to find any signatures to download and verify along
side the binary packages or source tarballs. 

Most users probably get weechat from their distro's packages, but as far as I
can tell, the packagers have no way to verify the authenticity of the source
tarballs they download.

It would be great if the download page could link to the signature, moreover,
if the downloads were available for TLS, that would be useful as well. 

If you have any questions about how to implement GPG signing/verification into
the release process, let me know, I'd be more than happy to help.


Reply to this item at:


  Message sent via/by Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]