[prev in list] [next in list] [prev in thread] [next in thread] 

List:       php-internals
Subject:    [PHP-DEV] Re: [PHP-CVS] com php-src: PHP7 sounds like a good time to include signatures in announce 
From:       Julien Pauli <jpauli () php ! net>
Date:       2015-06-25 17:28:54
Message-ID: CAMUwpuQAtRxtK8dOdtdqjZg74cDeVi+4=YhTAcwHsF5p0k-O5g () mail ! gmail ! com
[Download RAW message or body]


On Wed, Jun 24, 2015 at 9:19 PM, Ferenc Kovacs <tyra3l@gmail.com> wrote:

> 
> 
> On Wed, Jun 24, 2015 at 8:13 PM, Anatol Belski <anatol.php@belski.net>
> wrote:
> 
> > Hi Hannes,
> > 
> > The change sounds reasonable.
> > 
> > I would like just to ask you for the future - please discuss before
> > adding a change to the release process. It were probably also good to hear
> > from the other RMs doing the job for longer whether they agree with this.
> > Ferenc, Julien, Stas - is such a change ok with you?
> > 
> > With the .asc, do you mean the exported public key? Like
> > 
> > gpg -ao _something_-public.key --export key_id
> > 
> 
> 
> hi,
> 
> we are already signing the release tarballs, the signature is created via
> gpg -u YOUREMAIL --armor --detach-sign php-X.Y.Z.tar.xxx
> as mentioned in the README.RELEASE_PROCESS:
> 
> http://git.php.net/?p=php-src.git;a=blob;f=README.RELEASE_PROCESS;h=5d8ad1abfe81d4543b4107afe1476b57fb8a2178;hb=refs/heads/master#l178
>  
> Hannes change was about having both checksums (personally I think that
> having the sha256 should be enough, no reason for the md5) and the
> signatures included/attached in the announcement mails so we have another
> distinct source of information which our users can use to crosscheck/verify
> the downloads.
> 

Sounds good to me, thanks for the ping.

Julien Pauli



[prev in list] [next in list] [prev in thread] [next in thread]