New t50 release (5.6.8)
Samuel Henrique
samueloph at gmail.com
Fri Oct 14 00:53:01 UTC 2016
Well, it happens that Fred (T50 dev.) doesn't actually sign the tarball, he
uses the git sign option, which means that in order to verify the releases
we would have to $ git-verify-tag, which again, d/watch doesn't deal with.
This means that verifying T50 signatures is off the road for now, at least
until Fred start signing the tarballs or debhelper start using git to
verify signatures, which doesn't look like a trivial thing to do since the
tarball doesn't contain any git data. Please correct me if i'm wrong.
Since we won't have any gpg checks, we're ready to release, can someone
with upload rights do the job for us? :)
Thanks
Samuel Henrique <samueloph>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-security-team/attachments/20161013/80fe7dd2/attachment.html>
More information about the Pkg-security-team
mailing list