Hi all, In doing my part in getting us away from PGP, at least in areas where its use is overkill or a bad idea [1], I packaged Minisign [2] for Fedora and CentOS [3]. It is currently available in the stable repositories on Fedora >= 30 and EPEL. The wiki currently describes the procedure to verify source downloads using PGP (GnuPG) [4]. I'd like to propose an added section/extension to also mention Minisign as a means to accomplish that. I wrote a blog post [5] on how I think it can be added to RPM spec files. Is this something that we can add to the official Packaging documentation? I'd be willing to work on this! Any ideas, feedback? Regards, François [1] https://latacora.micro.blog/2019/07/16/the-pgp-problem.html [2] https://github.com/jedisct1/minisign [3] https://apps.fedoraproject.org/packages/minisign [4] https://docs.fedoraproject.org/en-US/packaging-guidelines/#_source_file_verification [5] https://www.tuxed.net/fkooman/blog/minisign.html _______________________________________________ packaging mailing list -- packaging@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to packaging-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/packaging@xxxxxxxxxxxxxxxxxxxxxxx
