gpg signatures for release tarballs
Andreas Köhler
andi5.py at gmx.net
Mon Mar 3 15:02:59 EST 2008
Hi Andrew,
Am Sonntag, den 02.03.2008, 21:59 -0500 schrieb Andrew Duggan:
> Sorry to be a pest, but why aren't there any gpg signatures for at least
> SHA1sums published for the tarballs for the recent 2.2.x series? Is it
> just an oversight?
I suppose you mean "or at least" here? :-)
As you can see the GnuCash 2.2.4 release announcement contained md5sums
and was signed with my private gpg key. I hope that is better than
before.
The one thing I wonder about is whether the tarballs or the announcement
mail should be signed with some sort of "GnuCash developer's key". In
the end it is the release manager who downloads the source code and
packs it. Please enlighten me in this issue 8-)
Thanks,
-- andi5
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : http://lists.gnucash.org/pipermail/gnucash-devel/attachments/20080303/873f83b4/attachment.bin
More information about the gnucash-devel
mailing list