François Kooman wrote:
The wiki currently describes the procedure to verify source downloads using PGP (GnuPG) [4]. I'd like to propose an added section/extension to also mention Minisign as a means to accomplish that. I wrote a blog post [5] on how I think it can be added to RPM spec files.
Is this something that we can add to the official Packaging documentation? I'd be willing to work on this! Any ideas, feedback?
Do you know of any project that signs releases with Minisign? I've never seen one.
Personally, before I potentially use a new signing tool, I would like to know that some of the world's smartest cryptologists have analyzed it and found the design sound.
Björn Persson