gpg signatures for release tarballs

Andreas Köhler at
Mon Mar 3 15:02:59 EST 2008

Hi Andrew,

Am Sonntag, den 02.03.2008, 21:59 -0500 schrieb Andrew Duggan:
> Sorry to be a pest, but why aren't there any gpg signatures for at least
> SHA1sums published for the tarballs for the recent 2.2.x series? Is it
> just an oversight?  

I suppose you mean "or at least" here? :-)

As you can see the GnuCash 2.2.4 release announcement contained md5sums
and was signed with my private gpg key.  I hope that is better than

The one thing I wonder about is whether the tarballs or the announcement
mail should be signed with some sort of "GnuCash developer's key".  In
the end it is the release manager who downloads the source code and
packs it.  Please enlighten me in this issue 8-)

-- andi5

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Dies ist ein digital signierter Nachrichtenteil
Url : 

More information about the gnucash-devel mailing list