FS#72125 - [libexif] add pgp keys
Attached to Project:
Arch Linux
Opened by T.J. Townsend (blakkheim) - Monday, 13 September 2021, 17:19 GMT
Last edited by Toolybird (Toolybird) - Monday, 22 May 2023, 19:57 GMT
Opened by T.J. Townsend (blakkheim) - Monday, 13 September 2021, 17:19 GMT
Last edited by Toolybird (Toolybird) - Monday, 22 May 2023, 19:57 GMT
|
Details
Description:
Attached diff adds a "validpgpkeys" line to the libexif PKGBUILD for authenticity. Additional info: Some minor reworking of the tarball URLs was required since upstream only signs certain ones. |
This task depends upon
Closed by Toolybird (Toolybird)
Monday, 22 May 2023, 19:57 GMT
Reason for closing: Fixed
Additional comments about closing: libexif 0.6.24-2
Monday, 22 May 2023, 19:57 GMT
Reason for closing: Fixed
Additional comments about closing: libexif 0.6.24-2
Comment by
Levente Polyak (anthraxx) - Monday,
13 September 2021, 17:47 GMT
Comment by
T.J. Townsend (blakkheim) - Monday,
13 September 2021, 17:50 GMT
Comment by
T.J. Townsend (blakkheim) -
Wednesday, 28 September 2022, 03:27 GMT
Comment by
T.J. Townsend (blakkheim) - Monday,
22 May 2023, 14:25 GMT
libexif 0.6.23 release is the first and only one that has signed
artifacts. please clarify with upstream if they opt in to
literally always sign their releases and have a secure backup
I'm sorry but I don't have a Github account. (For what it's worth,
libexif 0.6.23 is also only the second release they've made in the
last ten years...)
Updated diff now that they've made more than one signed release
and development has picked up a little.
Marcus Meissner has confirmed via email that he plans to continue
signing releases with the current key.