Re: [PATCH] build: sign tarball instead of sha256sum

Subject: Re: [PATCH] build: sign tarball instead of sha256sum

Date: Tue, 12 Mar 2019 07:55:19 -0300

To: Carl Worth, Adam Majer, notmuch@notmuchmail.org

Cc:

From: David Bremner

David Bremner <david@tethera.net> writes:

> Adam Majer pointed out in [1] the way were signing releases was
> unusual. Neither Carl nor I could think of a good reason for
> explicitely signing the checksum (internally of course that's what GPG
> is going anyway).

It seemed unlikely that there would be much testing for this (but feel
free!), so I have pushed it. I can fix any glitches during the next
release.

d
_______________________________________________
notmuch mailing list
notmuch@notmuchmail.org
https://notmuchmail.org/mailman/listinfo/notmuch

• Previous message (by thread): Re: [PATCH v2 1/3] build: ensure that SHA256_FILE is built

Thread:

• Adam Majer—Release signatures [inbox, unread]
  • David Bremner—Re: Release signatures [inbox, unread]
    • Carl Worth—Re: Release signatures [inbox, signed, unread]
      • David Bremner—[PATCH] build: sign tarball instead of sha256sum [inbox, notmuch::patch, notmuch::pushed, unread]
        • David Bremner—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, unread]
          • Daniel Kahn Gillmor—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, signed, unread]
            • David Bremner—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, unread]
              • Daniel Kahn Gillmor—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, signed, unread]
            • Adam Majer—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, unread]
              • Daniel Kahn Gillmor—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, signed, unread]
                • David Bremner—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, unread]
                  • Daniel Kahn Gillmor—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, signed, unread]
                    • David Bremner—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, unread]
                      • Daniel Kahn Gillmor—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, signed, unread]
                    • Adam Majer—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, unread]
                      • Daniel Kahn Gillmor—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, unread]
                    • Daniel Kahn Gillmor—[PATCH] build: distribute signed sha256sums [inbox, notmuch::obsolete, notmuch::patch, unread]
                      • Daniel Kahn Gillmor—[PATCH v2 1/3] build: ensure that SHA256_FILE is built [inbox, notmuch::patch, notmuch::pushed, unread]
                        • Daniel Kahn Gillmor—[PATCH v2 2/3] build: distribute signed sha256sums [inbox, notmuch::patch, notmuch::pushed, unread]
                        • Daniel Kahn Gillmor—[PATCH v2 3/3] build: Rename GPG_FILE to DETACHED_SIG_FILE [inbox, notmuch::patch, notmuch::pushed, unread]
                        • David Bremner—Re: [PATCH v2 1/3] build: ensure that SHA256_FILE is built [inbox, unread]
                • Adam Majer—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, unread]
                  • Daniel Kahn Gillmor—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, signed, unread]
                    • Adam Majer—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, unread]
                  • David Bremner—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, unread]
                    • Daniel Kahn Gillmor—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, signed, unread]