Hey Francois,
I suggest you bring this topic to devel@lists.fedoraproject.org first. AFAICT, not many people are subscribed here, so at devel you might catch someone's attention about this... :)
With regards,
Dee'Kej
On Mon, Aug 5, 2019 at 1:37 PM François Kooman fkooman@tuxed.net wrote:
Hi all,
In doing my part in getting us away from PGP, at least in areas where its use is overkill or a bad idea [1], I packaged Minisign [2] for Fedora and CentOS [3]. It is currently available in the stable repositories on Fedora >= 30 and EPEL.
The wiki currently describes the procedure to verify source downloads using PGP (GnuPG) [4]. I'd like to propose an added section/extension to also mention Minisign as a means to accomplish that. I wrote a blog post [5] on how I think it can be added to RPM spec files.
Is this something that we can add to the official Packaging documentation? I'd be willing to work on this! Any ideas, feedback?
Regards, François
[1] https://latacora.micro.blog/2019/07/16/the-pgp-problem.html [2] https://github.com/jedisct1/minisign [3] https://apps.fedoraproject.org/packages/minisign [4]
https://docs.fedoraproject.org/en-US/packaging-guidelines/#_source_file_veri...
[5] https://www.tuxed.net/fkooman/blog/minisign.html _______________________________________________ packaging mailing list -- packaging@lists.fedoraproject.org To unsubscribe send an email to packaging-leave@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/packaging@lists.fedoraproject....