FS#72125 - [libexif] add pgp keys
Attached to Project:
Arch Linux
Opened by T.J. Townsend (blakkheim) - Monday, 13 September 2021, 17:19 GMT
Last edited by Toolybird (Toolybird) - Monday, 22 May 2023, 19:57 GMT
Opened by T.J. Townsend (blakkheim) - Monday, 13 September 2021, 17:19 GMT
Last edited by Toolybird (Toolybird) - Monday, 22 May 2023, 19:57 GMT
|
Details
Description:
Attached diff adds a "validpgpkeys" line to the libexif PKGBUILD for authenticity. Additional info: Some minor reworking of the tarball URLs was required since upstream only signs certain ones. 
libexif.diff
(1.4 KiB)
|
This task depends upon
Closed by Toolybird (Toolybird)
Monday, 22 May 2023, 19:57 GMT
Reason for closing: Fixed
Additional comments about closing: libexif 0.6.24-2
Monday, 22 May 2023, 19:57 GMT
Reason for closing: Fixed
Additional comments about closing: libexif 0.6.24-2
Comment by
Levente Polyak (anthraxx) - Monday,
13 September 2021, 17:47 GMT
libexif 0.6.23 release is the first and only one that has signed
artifacts. please clarify with upstream if they opt in to
literally always sign their releases and have a secure backup
Comment by
T.J. Townsend (blakkheim) - Monday,
13 September 2021, 17:50 GMT
I'm sorry but I don't have a Github account. (For what it's worth,
libexif 0.6.23 is also only the second release they've made in the
last ten years...)
Comment by
T.J. Townsend (blakkheim) -
Wednesday, 28 September 2022, 03:27 GMT
Updated diff now that they've made more than one signed release
and development has picked up a little.
libexif-v2.diff
(1.6 KiB)
Comment by
T.J. Townsend (blakkheim) - Monday,
22 May 2023, 14:25 GMT
Marcus Meissner has confirmed via email that he plans to continue
signing releases with the current key.