| Anonymous | Login | 2024-04-23 12:18 UTC |  |
| My View | View Issues | Change Log | Roadmap |
| View Issue Details [ Jump to Notes ] | [ Issue History ] [ Print ] | ||||||||||||
| ID | Project | Category | View Status | Date Submitted | Last Update | ||||||||
| 0001883 | VCMI | Other | public | 2014-08-24 19:06 | 2014-08-31 16:28 | ||||||||
| Reporter | josch | ||||||||||||
| Assigned To | |||||||||||||
| Priority | none | Severity | feature | Reproducibility | N/A | ||||||||
| Status | new | Resolution | open | ||||||||||
| Platform | OS | OS Version | |||||||||||
| Product Version | |||||||||||||
| Target Version | Fixed in Version | ||||||||||||
| Summary | 0001883: could you GPG sign vcmi releases? | ||||||||||||
| Description | Would it be possible to sign source releases or release tags in the svn and/or git repository with a GPG key? It would then be possible to verify that the downloaded code is indeed the intended one by the developers and has not been tempered with. | ||||||||||||
| Tags | No tags attached. | ||||||||||||
| Attached Files | |||||||||||||
 Relationships |
|
 Relationships |
|
Notes |
|
|
(0004937) Ivan (developer) 2014-08-31 16:20 |
Possible although don't see much use from it. Will try to do this starting from next release (assuming that I won't forget about it) |
|
(0004940) josch (developer) 2014-08-31 16:28 |
Thank you for your consideration! If you do end up signing your releases, then please put the detached signature in an easily discoverable path. For example if the tarball is at: http://download.vcmi.eu/vcmi-0.97.tar.gz [^] then the ASCII armored detached signature could be put at: http://download.vcmi.eu/vcmi-0.97.tar.gz.asc [^] |
|
Notes |
|
Issue History |
|||
| Date Modified | Username | Field | Change |
| 2014-08-24 19:06 | josch | New Issue | |
| 2014-08-31 16:20 | Ivan | Note Added: 0004937 | |
| 2014-08-31 16:28 | josch | Note Added: 0004940 | |
|
Issue History |
| Copyright © 2000 - 2024 MantisBT Team |
 |