MantisBT

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0001883VCMIOtherpublic2014-08-24 19:062014-08-31 16:28
Reporterjosch 
Assigned To 
PrioritynoneSeverityfeatureReproducibilityN/A
StatusnewResolutionopen 
PlatformOSOS Version
Product Version 
Target VersionFixed in Version 
Summary0001883: could you GPG sign vcmi releases?
DescriptionWould it be possible to sign source releases or release tags in the svn and/or git repository with a GPG key? It would then be possible to verify that the downloaded code is indeed the intended one by the developers and has not been tempered with.
TagsNo tags attached.
Attached Files

- Relationships

-  Notes
(0004937)
Ivan (developer)
2014-08-31 16:20

Possible although don't see much use from it. Will try to do this starting from next release (assuming that I won't forget about it)
(0004940)
josch (developer)
2014-08-31 16:28

Thank you for your consideration!

If you do end up signing your releases, then please put the detached signature in an easily discoverable path. For example if the tarball is at:

http://download.vcmi.eu/vcmi-0.97.tar.gz [^]

then the ASCII armored detached signature could be put at:

http://download.vcmi.eu/vcmi-0.97.tar.gz.asc [^]

- Issue History
Date Modified Username Field Change
2014-08-24 19:06 josch New Issue
2014-08-31 16:20 Ivan Note Added: 0004937
2014-08-31 16:28 josch Note Added: 0004940

Site | Forums | Wiki | Slack | GitHub


Copyright © 2000 - 2024 MantisBT Team
Hosting provided by DigitalOcean