François Kooman wrote: > The wiki currently describes the procedure to verify source downloads > using PGP (GnuPG) [4]. I'd like to propose an added section/extension to > also mention Minisign as a means to accomplish that. I wrote a blog post > [5] on how I think it can be added to RPM spec files. > > Is this something that we can add to the official Packaging > documentation? I'd be willing to work on this! Any ideas, feedback? Do you know of any project that signs releases with Minisign? I've never seen one. Personally, before I potentially use a new signing tool, I would like to know that some of the world's smartest cryptologists have analyzed it and found the design sound. Björn Persson
Attachment:
pgpRQe_kcGIc_.pgp
Description: OpenPGP digital signatur
_______________________________________________ packaging mailing list -- packaging@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to packaging-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/packaging@xxxxxxxxxxxxxxxxxxxxxxx
