Detached tarball signatures vs. clearsigned checksum files
Guilhem Moulin
guilhem at fripost.org
Mon Jun 29 21:51:54 AWST 2015
Hi,
On Mon, 29 Jun 2015 at 21:27:23 +0800, Matt Johnston wrote:
> New Debian packages would be great. I've signed
> releases/dropbear-2015.67.tar.bz2.sig for the latest
> one so far, I'll keep more for future releases.
> […]
> Making a new pgp key has been on my todo list so there is now
> a Dropbear Release Key. (The old key is DSA so seemed to
> only make SHA1 signatures)
That's great, thanks! While I'm at it, please also consider excluding
mercurial dotfiles from the tarballs:
************************************************************************
diff --git a/release.sh b/release.sh
index f377d0e..f2c6cad 100755
--- a/release.sh
+++ b/release.sh
@@ -27,7 +27,7 @@ if test -e $ARCHIVE; then
exit 1
fi
-hg archive "$RELDIR" || exit 2
+hg archive "$RELDIR" -X ".hg*" || exit 2
(cd "$RELDIR" && autoconf && autoheader) || exit 2
************************************************************************
(Not sure if you left the ‘./debian’ directory on purpose, but if not
you might want to exclude it as well.)
Cheers,
--
Guilhem.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
Url : http://lists.ucc.gu.uwa.edu.au/pipermail/dropbear/attachments/20150629/d7b1136f/attachment-0001.sig
More information about the Dropbear
mailing list