On Thu, Aug 08, 2019 at 06:19:43PM +0300, Peter Pentchev wrote: > On Thu, Aug 08, 2019 at 04:17:07PM +0200, Björn Persson wrote: > > François Kooman wrote: > > > The wiki currently describes the procedure to verify source downloads > > > using PGP (GnuPG) [4]. I'd like to propose an added section/extension to > > > also mention Minisign as a means to accomplish that. I wrote a blog post > > > [5] on how I think it can be added to RPM spec files. > > > > > > Is this something that we can add to the official Packaging > > > documentation? I'd be willing to work on this! Any ideas, feedback? > > > > Do you know of any project that signs releases with Minisign? I've > > never seen one. > > > > Personally, before I potentially use a new signing tool, I would like > > to know that some of the world's smartest cryptologists have analyzed > > it and found the design sound. > > It seems to be compatible with OpenBSD's signify tool[0][1], which they > have used for the past couple of releases; minisign seems to generate > the same Ed25519 signatures. > > Note that I'm just pointing to informational resources, not advocating > for or against the use of minisign in any capacity. > > G'luck, > Peter > > [0] https://man.openbsd.org/signify > [1] https://www.openbsd.org/papers/bsdcan-signify.html Also note that the signify tool itself, as used by OpenBSD, may be ported to Linux, or at least it has been ported to Debian: https://tracker.debian.org/pkg/signify-openbsd G'luck, Peter -- Peter Pentchev roam@{ringlet.net,debian.org,FreeBSD.org} pp@xxxxxxxxxxxx PGP key: http://people.FreeBSD.org/~roam/roam.key.asc Key fingerprint 2EE7 A7A5 17FC 124C F115 C354 651E EFB0 2527 DF13
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ packaging mailing list -- packaging@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to packaging-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/packaging@xxxxxxxxxxxxxxxxxxxxxxx
