On Sun, Jan 21, 2018 at 02:03:26PM -0800, Vagrant Cascadian wrote: > On 2018-01-04, David Gibson wrote: > > Hi everyone. There have been a number of useful bugfixes added to the > > dtc tree since v1.4.5, so I decided to tag another release. > > Thanks for all the work on dtc! > > > > The signed tag is in the master git tree at: > > > > git://git.kernel.org/pub/scm/utils/dtc/dtc.git > > I'm not seeing a signed tag for v1.4.6, and it doesn't appear in the web > interface either: > > https://git.kernel.org/pub/scm/utils/dtc/dtc.git/refs/tags Oops, I forgot to push the tag up to the main repo. Should be fixed now. > > Or you can download tarballs from: > > > > https://www.kernel.org/pub/software/utils/dtc/ > > Fortunately, commit:e54388015af1fb4bf04d0bca99caba1074d9cc42 appears to > be consistent with the contents of the 1.4.6 tarballs. > > > On a related note, I was wondering if it would be possible to have the > compressed tarballs have their own signature: > > https://www.kernel.org/pub/software/utils/dtc/dtc-1.4.6.tar.sign > > Only validates against the uncompressed tarball, which makes > verification of the signature a bit more complicated, having to > decompresss the tarball before verification. So, that's not under my control AFAIK - it's handed by the kup scripts that I use to upload blobs. It handles the compression for me. > It also means I can not include the signature file in the Debian > archive, as the signature needs to verify against the compressed tarball > in the Debian archive. For this reason especially, it would be nice to > have dtc-X.Y.Z.tar.xz.sign available as well. > > Thanks for considering! > > Please CC me in replies; I'm not subscribed to the list. > > live well, > vagrant -- David Gibson | I'll have my music baroque, and my code david AT gibson.dropbear.id.au | minimalist, thank you. NOT _the_ _other_ | _way_ _around_! http://www.ozlabs.org/~dgibson
Attachment:
signature.asc
Description: PGP signature
