Buy commercial curl support from
WolfSSL. We help you work out your issues, debug your libcurl
applications, use the API, port to new platforms, add new features and more.
With a team lead by the curl founder himself.
Re: Reproducing the release tarballs
- Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]
From: Daniel Stenberg via curl-library <curl-library_at_lists.haxx.se>
Date: Sat, 30 Mar 2024 19:33:20 +0100 (CET)
On Sat, 30 Mar 2024, jim.fuller_at_webcomposite.com wrote:
> While we are here … can we outline all processes to tarball - for example I
> see no signing step
I did not mention signing because it does not strictly affect the tarball as
the signature is separate. I gpg sign every release and have done so for more
than a decade.
> - also wonder if we need to consider signing tarballs (and all release
> artefacts) using cosign ?
What benefits would that bring?
Date: Sat, 30 Mar 2024 19:33:20 +0100 (CET)
On Sat, 30 Mar 2024, jim.fuller_at_webcomposite.com wrote:
> While we are here … can we outline all processes to tarball - for example I
> see no signing step
I did not mention signing because it does not strictly affect the tarball as
the signature is separate. I gpg sign every release and have done so for more
than a decade.
> - also wonder if we need to consider signing tarballs (and all release
> artefacts) using cosign ?
What benefits would that bring?
-- / daniel.haxx.se | Commercial curl support up to 24x7 is available! | Private help, bug fixes, support, ports, new features | https://curl.se/support.html
-- Unsubscribe: https://lists.haxx.se/mailman/listinfo/curl-library Etiquette: https://curl.se/mail/etiquette.htmlReceived on 2024-03-30