Mail archive

Re: [alpine-devel] abuild signing using GnuPG

From: <>
Date: Sat, 21 May 2016 12:54:24 +0000


On Sat May 21 15:00:35 2016 GMT+0300, Sander Maijers wrote:
> Hi all,
> Is this possible?

Not currently out of box.

Verifying gpg signatures of source tarballs would be useful. That could be done manually in unpack or prepare hook. But supporting it directly would be useful.

The built packages are signed with rsa signatures. We are looking to support ecdsa / eddsa signatures also. Since the package signatures are essential part of the package manager, having them gpg signed does not make much sense imho.

Received on Sat May 21 2016 - 12:54:24 UTC