Detached tarball signatures vs. clearsigned checksum files

Guilhem Moulin guilhem at
Mon Jun 29 21:51:54 AWST 2015


On Mon, 29 Jun 2015 at 21:27:23 +0800, Matt Johnston wrote:
> New Debian packages would be great. I've signed
> releases/dropbear-2015.67.tar.bz2.sig for the latest
> one so far, I'll keep more for future releases.
> […]
> Making a new pgp key has been on my todo list so there is now
> a Dropbear Release Key. (The old key is DSA so seemed to
> only make SHA1 signatures)

That's great, thanks!  While I'm at it, please also consider excluding
mercurial dotfiles from the tarballs:


diff --git a/ b/
index f377d0e..f2c6cad 100755
--- a/
+++ b/
@@ -27,7 +27,7 @@ if test -e $ARCHIVE; then
    exit 1
-hg archive "$RELDIR"  || exit 2
+hg archive "$RELDIR" -X ".hg*" || exit 2
 (cd "$RELDIR" && autoconf && autoheader) || exit 2


(Not sure if you left the ‘./debian’ directory on purpose, but if not
you might want to exclude it as well.)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
Url : 

More information about the Dropbear mailing list