FS#71302 - [iperf3] use signed tag

Attached to Project: Community Packages
Opened by T.J. Townsend (blakkheim) - Saturday, 19 June 2021, 21:57 GMT
Last edited by T.J. Townsend (blakkheim) - Monday, 29 May 2023, 15:16 GMT
Task Type Bug Report
Category Packages
Status Closed
Assigned To Levente Polyak (anthraxx)
Architecture All
Severity Low
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Description:
Attached diff switches the iperf3 package to use a PGP-signed git tag for authenticity.

Additional info:
Upstream formerly signed release tarballs (https://downloads.es.net/pub/iperf/) but appears to have stopped this practice at some point.
This task depends upon

Closed by  T.J. Townsend (blakkheim)
Monday, 29 May 2023, 15:16 GMT
Reason for closing:  No response
Additional comments about closing:  No response from upstream in nearly a year. Tags are no longer signed.
Comment by Levente Polyak (anthraxx) - Saturday, 19 June 2021, 22:12 GMT
can you please ask why they stopped signing tarballs and if they can start signing it again? Furthermore upstream would need to vouch that they keep using this signing key for all gitt release tags, please clarify this as well if possible. thank you!
Comment by Brett Cornwall (ainola) - Sunday, 14 August 2022, 18:06 GMT
mysta: Were you able to get in contact with upstream regarding this? They'd probably be amenable to going back to signing their releases!
Comment by T.J. Townsend (blakkheim) - Sunday, 14 August 2022, 18:22 GMT
Just sent upatream an email about it. I'll post an updated diff if they decide to do it. I'm not sure if the same person does the release each time though.

Loading...