Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#71302 - [iperf3] use signed tag
Attached to Project:
Community Packages
Opened by T.J. Townsend (blakkheim) - Saturday, 19 June 2021, 21:57 GMT
Last edited by Morten Linderud (Foxboron) - Sunday, 20 June 2021, 16:27 GMT
Opened by T.J. Townsend (blakkheim) - Saturday, 19 June 2021, 21:57 GMT
Last edited by Morten Linderud (Foxboron) - Sunday, 20 June 2021, 16:27 GMT
|
DetailsDescription:
Attached diff switches the iperf3 package to use a PGP-signed git tag for authenticity. Additional info: Upstream formerly signed release tarballs (https://downloads.es.net/pub/iperf/) but appears to have stopped this practice at some point. 
iperf.diff
(1.1 KiB)
|
This task depends upon
Comment by Levente Polyak (anthraxx) -
Saturday, 19 June 2021, 22:12 GMT
can you please ask why they stopped signing tarballs and if they can start signing it again? Furthermore upstream would need to vouch that they keep using this signing key for all gitt release tags, please clarify this as well if possible. thank you!
Comment by Brett Cornwall (ainola) -
Sunday, 14 August 2022, 18:06 GMT
mysta: Were you able to get in contact with upstream regarding this? They'd probably be amenable to going back to signing their releases!
Comment by T.J. Townsend (blakkheim) -
Sunday, 14 August 2022, 18:22 GMT
Just sent upatream an email about it. I'll post an updated diff if they decide to do it. I'm not sure if the same person does the release each time though.