gpg signatures for release tarballs?

lua-l archive

[Date Prev][Date Next][Thread Prev][Thread Next] [Date Index] [Thread Index]

Subject: gpg signatures for release tarballs?
From: "Anonymous" <hyperowl@...>
Date: Sat, 29 Jan 2022 02:34:24 -0000

You only publish release checksums. The resulting scheme is weak: I need
to trust HTTPS which is security theatre given how vulnerable CAs are.
Please consider publishing cryptographic signatures of some kind
(gpg/signify/whetever).

Follow-Ups:
- Re: gpg signatures for release tarballs?, Joseph C. Sible

Prev by Date: Early results of Lua 5.4.4 with Tecgraf's CD/IM/IUP toolkit...
Next by Date: Re: gpg signatures for release tarballs?
Previous by thread: Early results of Lua 5.4.4 with Tecgraf's CD/IM/IUP toolkit...
Next by thread: Re: gpg signatures for release tarballs?
Index(es):
- Date
- Thread