openSUSE / snapper

Manage filesystem snapshots and allow undo of system modifications
http://snapper.io/
GNU General Public License v2.0
907 stars 128 forks source link

GPG signatures for source validation #295

Open NicoHood opened 7 years ago

NicoHood commented 7 years ago

As we all know, today more than ever before, it is crucial to be able to trust our computing environments. One of the main difficulties that package maintainers of Linux distributions face, is the difficulty to verify the authenticity and the integrity of the source code.

The Arch Linux team would appreciate it if you would provide us GPG signatures in order to verify easily and quickly of your source code releases.

Overview of the required tasks:

Additional Information:


Thanks.

NicoHood commented 7 years ago

Could you please sign the new release?

NicoHood commented 7 years ago

5.0 is out and still no GPG signatures. @aschnell could you please sign the release tarballs?

NicoHood commented 7 years ago

@jsrain any updates?