Hi, > -----Original Message----- > From: Ferenc Kovacs [mailto:tyr...@gmail.com] > Sent: Wednesday, June 24, 2015 9:19 PM > To: Anatol Belski > Cc: Hannes Magnusson; php-...@lists.php.net; Kalle Sommer Nielsen; Julien > Pauli; Stanislav Malyshev; PHP internals > Subject: Re: [PHP-CVS] com php-src: PHP7 sounds like a good time to include > signatures in announce mails: README.RELEASE_PROCESS > > On Wed, Jun 24, 2015 at 8:13 PM, Anatol Belski <anatol....@belski.net> > wrote: > > > Hi Hannes, > > > > The change sounds reasonable. > > > > I would like just to ask you for the future - please discuss before > > adding a change to the release process. It were probably also good to > > hear from the other RMs doing the job for longer whether they agree with > this. > > Ferenc, Julien, Stas - is such a change ok with you? > > > > With the .asc, do you mean the exported public key? Like > > > > gpg -ao _something_-public.key --export key_id > > > > > hi, > > we are already signing the release tarballs, the signature is created via gpg > -u > YOUREMAIL --armor --detach-sign php-X.Y.Z.tar.xxx as mentioned in the > README.RELEASE_PROCESS: > http://git.php.net/?p=php- > src.git;a=blob;f=README.RELEASE_PROCESS;h=5d8ad1abfe81d4543b4107afe14 > 76b57fb8a2178;hb=refs/heads/master#l178 > > Hannes change was about having both checksums (personally I think that having > the sha256 should be enough, no reason for the md5) and the signatures > included/attached in the announcement mails so we have another distinct > source of information which our users can use to crosscheck/verify the > downloads. > Thanks for the comments. I've updated the document with the md5 change.
Regards Anatol -- PHP Internals - PHP Runtime Development Mailing List To unsubscribe, visit: http://www.php.net/unsub.php
