search

grant-olson / rubygems-openpgp

This allows you to cryptographically sign ruby gems, so that a user can later verify that they've downloaded a copy that hasn't been tampered with or hacked.
http://www.rubygems-openpgp-ca.org
Other
32 stars 4 forks source link

Keyring consideration #5

Closed zph closed 11 years ago

zph commented 11 years ago

The ArchLinux community could be a good resource for implementing this since they added package signing within the last 1-2 yrs.

It went through a small amount of growing pain but seemed to stabilize if I recall correctly.

http://allanmcrae.com/2011/08/pacman-package-signing-1-makepkg-and-repo-add/

grant-olson commented 11 years ago

I'm sorry. I don't understand if you were just pointing me to a link with some tips, or if you were trying to get me to perform some action. Could you please clarify? Thanks.

zph commented 11 years ago

Just pointing you to a series of articles on how ArchLinux implemented it, in case you continue work on a Gem signing policy.

Feel free to close it as it's a communication rather than an issue :).

Zander

@_zph || zander@civet.ws || www.civet.ws

On Thursday, January 31, 2013 at 7:26 AM, Grant Olson wrote:

I'm sorry. I don't understand if you were just pointing me to a link with some tips, or if you were trying to get me to perform some action. Could you please clarify? Thanks.

— Reply to this email directly or view it on GitHub (https://github.com/grant-olson/rubygems-openpgp/issues/5#issuecomment-12940178).

grant-olson commented 11 years ago

Thanks.