Re: Need better release validation documentation/strategy.
From: Jim Meyering
Subject: Re: Need better release validation documentation/strategy.
Date: Fri, 8 Apr 2022 08:51:06 -0700

On Fri, Apr 8, 2022 at 6:30 AM Bob Friesenhahn
<bfriesen@simple.dallas.tx.us> wrote:
> Today I saw an announcement for a new version of gzip. It provided
> lots of data for how to verify the downloaded tarballs. I recently
> saw a very similar announcement for a new version of libtool. I am not
> sure where the template of this announcement text is coming from, and
> if anyone has validated that recipients will be able to make sense of
> it.
>
> The problem is that the advice in the announcements regarding use of
> 'gpg' just doesn't work (commands fail),
That was my mistake, and I fixed it last night. We updated the
generated and recommended gpg-key-fetching command to be a wget
command that fetches from savannah. I presumed that it would just
work, but that was not true. I fixed it by adding my gpg key in the
"public information" section of each project for which I'm already
listed as an authorized uploader.