26 Nov
2017
26 Nov
'17
5:57 p.m.
On Sun, Nov 26, 2017 at 04:51:53PM +0100, David Runge wrote:
That is right. I am not sure, how many can be
convinced in the near
future. Asking is cheap, though, so would that work for you Fons? :)
So that would mean:
- I create a GPG key for signing zita-packages, and make it
available on some keyserver.
- Some famous LAD members sign my key.
- I use gpg -b zita-zzz.tar.bz2 to generate a signature for
each package and put it on my website.
I see no problem with this.
Some questions:
- which keyserver to use ?
- use gpg -b or gpg -ab ?
Ciao,
--
FA
A world of exhaustive, reliable metadata would be an utopia.
It's also a pipe-dream, founded on self-delusion, nerd hubris
and hysterically inflated market opportunities. (Cory Doctorow)