FS#71302 - [iperf3] use signed tag
Attached to Project:
Community Packages
Opened by T.J. Townsend (blakkheim) - Saturday, 19 June 2021, 21:57 GMT
Last edited by T.J. Townsend (blakkheim) - Monday, 29 May 2023, 15:16 GMT
Opened by T.J. Townsend (blakkheim) - Saturday, 19 June 2021, 21:57 GMT
Last edited by T.J. Townsend (blakkheim) - Monday, 29 May 2023, 15:16 GMT
|
Details
Description:
Attached diff switches the iperf3 package to use a PGP-signed git tag for authenticity. Additional info: Upstream formerly signed release tarballs (https://downloads.es.net/pub/iperf/) but appears to have stopped this practice at some point. |
This task depends upon
Closed by T.J. Townsend (blakkheim)
Monday, 29 May 2023, 15:16 GMT
Reason for closing: No response
Additional comments about closing: No response from upstream in nearly a year. Tags are no longer signed.
Monday, 29 May 2023, 15:16 GMT
Reason for closing: No response
Additional comments about closing: No response from upstream in nearly a year. Tags are no longer signed.
Comment by
Levente Polyak (anthraxx) -
Saturday, 19 June 2021, 22:12 GMT
Comment by
Brett Cornwall (ainola) - Sunday,
14 August 2022, 18:06 GMT
Comment by
T.J. Townsend (blakkheim) - Sunday,
14 August 2022, 18:22 GMT
can you please ask why they stopped signing tarballs and if they
can start signing it again? Furthermore upstream would need to
vouch that they keep using this signing key for all gitt release
tags, please clarify this as well if possible. thank you!
mysta: Were you able to get in contact with upstream regarding
this? They'd probably be amenable to going back to signing their
releases!
Just sent upatream an email about it. I'll post an updated diff if
they decide to do it. I'm not sure if the same person does the
release each time though.