Re: [PATCH] build: sign tarball instead of sha256sum

Subject: Re: [PATCH] build: sign tarball instead of sha256sum

Date: Fri, 15 Mar 2019 10:50:34 -0300

To: Adam Majer, Daniel Kahn Gillmor, Carl Worth, notmuch@notmuchmail.org

Cc:

From: David Bremner

Adam Majer <amajer@suse.de> writes:

> The (my?) expectation is that a *.asc file is a detached signature. 
> That's why GPG is warning when it is not a detached signature. But I can 
> live with .sha256.asc if there is no .sha256 ;)

Right, aren't detached signatures preferred in general? Or am I
misremembering some gpg folklore?

d
_______________________________________________
notmuch mailing list
notmuch@notmuchmail.org
https://notmuchmail.org/mailman/listinfo/notmuch

• Previous message (by thread): Re: [PATCH v2 1/3] build: ensure that SHA256_FILE is built

Thread:

• Adam Majer—Release signatures [inbox, unread]
  • David Bremner—Re: Release signatures [inbox, unread]
    • Carl Worth—Re: Release signatures [inbox, signed, unread]
      • David Bremner—[PATCH] build: sign tarball instead of sha256sum [inbox, notmuch::patch, notmuch::pushed, unread]
        • David Bremner—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, unread]
          • Daniel Kahn Gillmor—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, signed, unread]
            • David Bremner—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, unread]
              • Daniel Kahn Gillmor—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, signed, unread]
            • Adam Majer—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, unread]
              • Daniel Kahn Gillmor—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, signed, unread]
                • David Bremner—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, unread]
                  • Daniel Kahn Gillmor—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, signed, unread]
                    • David Bremner—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, unread]
                      • Daniel Kahn Gillmor—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, signed, unread]
                    • Adam Majer—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, unread]
                      • Daniel Kahn Gillmor—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, unread]
                    • Daniel Kahn Gillmor—[PATCH] build: distribute signed sha256sums [inbox, notmuch::obsolete, notmuch::patch, unread]
                      • Daniel Kahn Gillmor—[PATCH v2 1/3] build: ensure that SHA256_FILE is built [inbox, notmuch::patch, notmuch::pushed, unread]
                        • Daniel Kahn Gillmor—[PATCH v2 2/3] build: distribute signed sha256sums [inbox, notmuch::patch, notmuch::pushed, unread]
                        • Daniel Kahn Gillmor—[PATCH v2 3/3] build: Rename GPG_FILE to DETACHED_SIG_FILE [inbox, notmuch::patch, notmuch::pushed, unread]
                        • David Bremner—Re: [PATCH v2 1/3] build: ensure that SHA256_FILE is built [inbox, unread]
                • Adam Majer—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, unread]
                  • Daniel Kahn Gillmor—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, signed, unread]
                    • Adam Majer—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, unread]
                  • David Bremner—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, unread]
                    • Daniel Kahn Gillmor—Re: [PATCH] build: sign tarball instead of sha256sum [inbox, signed, unread]