List: php-internals
Subject: [PHP-DEV] Re: [PHP-CVS] com php-src: PHP7 sounds like a good time to include signatures in announce
From: Julien Pauli <jpauli () php ! net>
Date: 2015-06-25 17:28:54
Message-ID: CAMUwpuQAtRxtK8dOdtdqjZg74cDeVi+4=YhTAcwHsF5p0k-O5g () mail ! gmail ! com
On Wed, Jun 24, 2015 at 9:19 PM, Ferenc Kovacs <tyra3l@gmail.com> wrote:
>
>
> On Wed, Jun 24, 2015 at 8:13 PM, Anatol Belski <anatol.php@belski.net>
> wrote:
>
> > Hi Hannes,
> >
> > The change sounds reasonable.
> >
> > I would like just to ask you for the future - please discuss before
> > adding a change to the release process. It would probably also be good to hear
> > from the other RMs doing the job for longer whether they agree with this.
> > Ferenc, Julien, Stas - is such a change ok with you?
> >
> > With the .asc, do you mean the exported public key? Like
> >
> > gpg -ao _something_-public.key --export key_id
> >
>
>
> hi,
>
> we are already signing the release tarballs, the signature is created via
> gpg -u YOUREMAIL --armor --detach-sign php-X.Y.Z.tar.xxx
> as mentioned in the README.RELEASE_PROCESS:
>
> http://git.php.net/?p=php-src.git;a=blob;f=README.RELEASE_PROCESS;h=5d8ad1abfe81d4543b4107afe1476b57fb8a2178;hb=refs/heads/master#l178
>
> Hannes' change was about having both checksums (personally I think that
> having the sha256 should be enough, no reason for the md5) and the
> signatures included/attached in the announcement mails so we have another
> distinct source of information which our users can use to crosscheck/verify
> the downloads.
>
Sounds good to me, thanks for the ping.
Julien Pauli