On Tue, Jul 2, 2013 at 11:37 PM, Matt Turner <matts...@gmail.com> wrote:
> On Tue, Jul 2, 2013 at 1:02 PM, Ian Romanick <i...@freedesktop.org> wrote: > > 2. Instead of just posting md5sum for the release tarballs, I think we > > should start GPG signing them. I'm not sure what sort of process we > want to > > establish for this. Should they just be signed by the release managers > key? > > Is this easier than I think it is? > > GPG sign the git tag (git tag -s) and the announce email which > contains the md5/sha sums. That's how X.Org releases are done. > +1
_______________________________________________ mesa-dev mailing list mesa-dev@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/mesa-dev
