search

LudovicRousseau / pyscard

pyscard smartcard library for python
http://pyscard.sourceforge.net/
GNU Lesser General Public License v2.1
383 stars 110 forks source link

signed tarballs or tags #33

Closed leifj closed 7 years ago

leifj commented 7 years ago

Would it be possible to generate signed release tarballs or signed tags on github with a PGP key ?

LudovicRousseau commented 7 years ago

I uploaded a signature for the .tar.gz at sourceforge.net https://sourceforge.net/projects/pyscard/files/pyscard/pyscard%201.9.4/

The github archive is generated automatically by github, not by me. Do you have a documentation on signing a release on github?

I also tried to add a signature file on https://pypi.python.org/pypi/pyscard/1.9.4 but it looks like it is only possible to do that while uploading the archive itself.

leifj commented 7 years ago

https://github.com/blog/2144-gpg-signature-verification https://wiki.debian.org/Creating%20signed%20GitHub%20releases

those should help with github signatures

leifj commented 7 years ago

Also - thx a bunch for the quick reply on that. You wouldn't have any useful contacts with the folks who do the ACS ccid driver? I've been trying to get them to do the same thing...

LudovicRousseau commented 7 years ago

I uploaded a GPG signature for https://github.com/LudovicRousseau/pyscard/releases/tag/release-1.9.4

I will try to sign my tags next times.

My ACS contact is Godfrey Chung, the Debian maintainer of the acsccid driver. You can get his email from https://tracker.debian.org/pkg/acsccid

leifj commented 7 years ago

thx :-)