[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Preparing for a Release
- Subject: Re: Preparing for a Release
- From: Ori Bernstein <ori@xxxxxxxxxxxxxx>
- Date: Thu, 2 Mar 2017 19:17:35 -0800
- To: Daniel Cegiełka <daniel.cegielka@xxxxxxxxx>
- Cc: James Turner <james@xxxxxxxxxxxxxxx>, myrddin-dev@xxxxxxxxxxxxxx
If I understand signify correctly, the assumption is that you have a
trusted version somewhere that contains the signature for the next
versions.
I guess the best way to bootstrap is just sending out an email, and
check it into git.
On Thu, 2 Mar 2017 21:05:35 +0100
Daniel Cegiełka <daniel.cegielka@xxxxxxxxx> wrote:
> https://github.com/rescrv/signify
>
> 2017-03-02 20:37 GMT+01:00 James Turner <james@xxxxxxxxxxxxxxx>:
> > On Thu, Mar 02, 2017 at 10:20:57AM -0800, Ori Bernstein wrote:
> >> On Thu, 2 Mar 2017 12:54:32 -0500
> >> James Turner <james@xxxxxxxxxxxxxxx> wrote:
> >>
> >> > Sounds like a solid plan to me. I'll probably point at the tarball
> >> > release then.
> >>
> >> Actually -- any thoughts on signing/hashes/integerity?
> >>
> >> --
> >> Ori Bernstein <ori@xxxxxxxxxxxxxx>
> >>
> >
> > The OpenBSD project uses a tool called signify, which was built inhouse,
> > to sign all packages and releases.
> >
> > https://www.openbsd.org/papers/bsdcan-signify.html
> > http://man.openbsd.org/signify
> > http://www.tedunangst.com/flak/post/signify
> >
> > It's pretty straight forward and I believe has been ported to other
> > operating system.
> >
> > --
> > James Turner
> >
>
--
Ori Bernstein <ori@xxxxxxxxxxxxxx>