From mboxrd@z Thu Jan 1 00:00:00 1970 From: Steve Grubb Subject: Re: signed tarballs Date: Mon, 10 Apr 2017 14:51:13 -0400 Message-ID: <1765958.BlmlVzvdNt@x2> References: <20170406233134.GA32113@motoko> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Return-path: In-Reply-To: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: linux-audit-bounces@redhat.com Errors-To: linux-audit-bounces@redhat.com To: linux-audit@redhat.com List-Id: linux-audit@redhat.com On Saturday, April 8, 2017 8:53:10 AM EDT Paul Moore wrote: > > I am the maintainer of 'audit' in the official Arch Linux Repositories. > > Is there a reason why you don't provide a signature file for the > > releases nor a checksum or am I just stupid and can't find it on your > > website: https://people.redhat.com/sgrubb/audit/ ? > > Steve seems to be posting audit userspace releases both on his Red Hat > people page and on GitHub; I'm not sure which he considers to be the > "authoritative" release, he'll have to answer that. > > https://github.com/linux-audit/audit-userspace/releases I consider the ones from the people page to be authoritative because its been converted from raw, unprocessed development files to a distribution tarball by use of the autotools. This involves running autogen.sh, ./configure, and then make dist-check. Starting with the 2.7.5 release, I changed the naming convention on github to make sure people can tell the difference when looking at the release from the people page vs github. -Steve