-
Notifications
You must be signed in to change notification settings - Fork 617
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
2.4.0 tarball signature missing #565
Comments
We were hoping to rely solely on the GitHub release download process, which
builds the tarballs on the fly, rather than building them separately and
uploading them as ‘assets’, which has been the source of problems in the
past getting them built properly.
Is there a benefit to the explicit tarballs and signatures? If so, we can
consider providing them, we’d just like to understand the benefits over the
automated github process.
On Mon, Sep 23, 2019 at 12:42 AM pgajdos ***@***.***> wrote:
Hello,
thanks for the new release. Do you plan to publish all 'Assets' as in
previous releases?
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub
<#565>,
or mute the thread
<https://github.com/notifications/unsubscribe-auth/AFC3DGKRUBWL53IP2QOBQGLQLBXMTANCNFSM4IZHMV7Q>
.
--
Cary Phillips | R&D Supervisor | ILM | San Francisco
|
Explicit tarballs: no real benefit |
I'm pretty sure that the tagged release tarballs you can get from github are signed. There's no reason to think we could either make the tarballs or sign them in any way that's better than what GitHub does automatically for a tagged release, right? |
https://wiki.debian.org/Creating%20signed%20GitHub%20releases Nevertheless, I am not advocating gpg signature implementation, I am just asking whether this change is intentional and therefore I have to change packaging process. |
Closing. |
Hello,
thanks for the new release. Do you plan to publish all 'Assets' as in previous releases?
The text was updated successfully, but these errors were encountered: