diff options
Diffstat (limited to 'zarb-ml/mageia-dev/2012-January/011222.html')
| -rw-r--r-- | zarb-ml/mageia-dev/2012-January/011222.html | 161 |
1 files changed, 161 insertions, 0 deletions
diff --git a/zarb-ml/mageia-dev/2012-January/011222.html b/zarb-ml/mageia-dev/2012-January/011222.html new file mode 100644 index 000000000..b3bf81460 --- /dev/null +++ b/zarb-ml/mageia-dev/2012-January/011222.html @@ -0,0 +1,161 @@ +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN"> +<HTML> + <HEAD> + <TITLE> [Mageia-dev] Signature verification of sources + </TITLE> + <LINK REL="Index" HREF="index.html" > + <LINK REL="made" HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Signature%20verification%20of%20sources&In-Reply-To=%3C201201110958.53575.bgmilne%40staff.telkomsa.net%3E"> + <META NAME="robots" CONTENT="index,nofollow"> + <META http-equiv="Content-Type" content="text/html; charset=us-ascii"> + <LINK REL="Previous" HREF="011212.html"> + <LINK REL="Next" HREF="011210.html"> + </HEAD> + <BODY BGCOLOR="#ffffff"> + <H1>[Mageia-dev] Signature verification of sources</H1> + <B>Buchan Milne</B> + <A HREF="mailto:mageia-dev%40mageia.org?Subject=Re%3A%20%5BMageia-dev%5D%20Signature%20verification%20of%20sources&In-Reply-To=%3C201201110958.53575.bgmilne%40staff.telkomsa.net%3E" + TITLE="[Mageia-dev] Signature verification of sources">bgmilne at staff.telkomsa.net + </A><BR> + <I>Wed Jan 11 08:58:53 CET 2012</I> + <P><UL> + <LI>Previous message: <A HREF="011212.html">[Mageia-dev] Signature verification of sources +</A></li> + <LI>Next message: <A HREF="011210.html">[Mageia-dev] Display manager +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#11222">[ date ]</a> + <a href="thread.html#11222">[ thread ]</a> + <a href="subject.html#11222">[ subject ]</a> + <a href="author.html#11222">[ author ]</a> + </LI> + </UL> + <HR> +<!--beginarticle--> +<PRE>On Tuesday, 10 January 2012 22:23:25 P. Christeas wrote: +><i> On Tuesday 10 January 2012, Buchan Milne wrote: +</I>><i> > I think we should be in the position to be able to verify the origin of +</I>><i> > any software we provide to users. +</I>><i> > ... +</I>><i> +</I>><i> Just a reminder: a git-based build process would implicitly cover that +</I>><i> aspect, since the comit SHAs would be traceable back to the code +</I>><i> maintainers. +</I> +As far as I understand, it wouldn't necessarily provide a guarantee that the +upstream git was compromised before it was cloned by the package maintainer. + +Regards, +Buchan +</PRE> + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +<!--endarticle--> + <HR> + <P><UL> + <!--threads--> + <LI>Previous message: <A HREF="011212.html">[Mageia-dev] Signature verification of sources +</A></li> + <LI>Next message: <A HREF="011210.html">[Mageia-dev] Display manager +</A></li> + <LI> <B>Messages sorted by:</B> + <a href="date.html#11222">[ date ]</a> + <a href="thread.html#11222">[ thread ]</a> + <a href="subject.html#11222">[ subject ]</a> + <a href="author.html#11222">[ author ]</a> + </LI> + </UL> + +<hr> +<a href="https://www.mageia.org/mailman/listinfo/mageia-dev">More information about the Mageia-dev +mailing list</a><br> +</body></html> |