[PATCH] Check SHA256 sum of git-$VER.tar.gz after downloading

Jason A. Donenfeld Jason at zx2c4.com
Mon Mar 9 23:30:11 CET 2015


On Mar 8, 2015 12:35 AM, "Todd Zullinger" <tmz at pobox.com> wrote:
> But while we're on the subject, are there PGP signatures available for
the cgit tarballs themselves?

I include a sha256 of the tarball in the announcement emails. Those emails
are pgp signed. My pgp key is embedded in the repo, as well, and it's
verifiable that all announce emails have been signed with the same key.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.zx2c4.com/pipermail/cgit/attachments/20150309/8add9ccd/attachment.html>


More information about the CGit mailing list