On Thu, Apr 24, 2014 at 11:15:49AM +1000, Damien Miller wrote: > On Wed, 23 Apr 2014, Bryan Drewery wrote: > > > Am I the only one who finds a bugfix non-release via unsigned mail with > > an inline patch a problem? > > It's only a problem if you can't/won't read the code. > > -d I don't think Bryan's comment is without merit. When I saw the ML patch I reconstructed it from commits in portable's git repo for my own peace of mind [1]. Would it be possible to have "official" patches provided via the ML be PGP-signed in the future? I think many would appreciate it. --mancha PS Also, not sure what git you use on mindrot but by way of FYI, as of version 1.7.9, git allows PGP signing individual commits (e.g. git commit -S -m "blah"). ========= [1] Ingredients of Curve25519 bugfix patch: https://anongit.mindrot.org/openssh.git/commit/?id=adbfdbbdcc https://anongit.mindrot.org/openssh.git/commit/?id=9395b28223 https://anongit.mindrot.org/openssh.git/commit/?id=0e6b67423b https://anongit.mindrot.org/openssh.git/commit/?id=b628cc4c3e
Attachment:
pgpuFH3IDuNPZ.pgp
Description: PGP signature
_______________________________________________ openssh-unix-dev mailing list openssh-unix-dev@xxxxxxxxxxx https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev