Re: Using Minisign for source file verification

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hey Francois,

I suggest you bring this topic to devel@xxxxxxxxxxxxxxxxxxxxxxx first. AFAICT, not many people are subscribed here, so at devel you might catch someone's attention about this... :)

With regards,

Dee'Kej

On Mon, Aug 5, 2019 at 1:37 PM François Kooman <fkooman@xxxxxxxxx> wrote:
Hi all,

In doing my part in getting us away from PGP, at least in areas where
its use is overkill or a bad idea [1], I packaged Minisign [2] for
Fedora and CentOS [3]. It is currently available in the stable
repositories on Fedora >= 30 and EPEL.

The wiki currently describes the procedure to verify source downloads
using PGP (GnuPG) [4]. I'd like to propose an added section/extension to
also mention Minisign as a means to accomplish that. I wrote a blog post
[5] on how I think it can be added to RPM spec files.

Is this something that we can add to the official Packaging
documentation? I'd be willing to work on this! Any ideas, feedback?

Regards,
François

[1] https://latacora.micro.blog/2019/07/16/the-pgp-problem.html
[2] https://github.com/jedisct1/minisign
[3] https://apps.fedoraproject.org/packages/minisign
[4]
https://docs.fedoraproject.org/en-US/packaging-guidelines/#_source_file_verification

[5] https://www.tuxed.net/fkooman/blog/minisign.html
_______________________________________________
packaging mailing list -- packaging@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to packaging-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/packaging@xxxxxxxxxxxxxxxxxxxxxxx
_______________________________________________
packaging mailing list -- packaging@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to packaging-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/packaging@xxxxxxxxxxxxxxxxxxxxxxx
[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite Forum]     [KDE Users]

  Powered by Linux