Hi Guillem (2024.10.05_01:32:45_+)
> > 1. sigstore https://docs.sigstore.dev/
>
> Although I've heard of this before, I never really checked what is
> the actual design behind it, and its implications.
I'm new to all this too, but I can answer some of those questions from
my own reading:
> I
Hi!
On Fri, 2024-10-04 at 18:21:01 +, Stefano Rivera wrote:
> Picking up a thread that started on debian-pyt...@lists.debian.org:
> https://lists.debian.org/msgid-search/14198883.O9o76ZdvQC@galatea
>
> Upstreams that care about supply chain security have been building
> mechanisms to authenti
* Stefano Rivera: " Alternative signature mechanisms for upstream source
verification" (Fri, 4 Oct 2024 18:21:01 +):
[...]
> Should we expand this to include some of these new mechanisms?
> Things brought up in the debian-python thread include:
> 1. sigstore https://docs.sigstore.dev/
> 2.
Picking up a thread that started on debian-pyt...@lists.debian.org:
https://lists.debian.org/msgid-search/14198883.O9o76ZdvQC@galatea
Upstreams that care about supply chain security have been building
mechanisms to authenticate their releases, beyond PGP signatures.
For example, Python started pro
Package: wnpp
Severity: wishlist
Owner: Jarrah Gosbell
X-Debbugs-Cc: debian-devel@lists.debian.org, Jarrah Gosbell
* Package name: buffybox
Version : 3.2.0
Upstream Contact: Johannes Marbach
* URL : https://gitlab.com/postmarketos/buffybox
* License : BSD-3-c
Hi,
On Thu, 3 Oct 2024, at 23:08, Jonas Smedegaard wrote:
> Quoting Andrej Shadura (2024-10-03 21:41:49)
>> On Thu, 3 Oct 2024, at 20:05, Debian FTP Masters wrote:
>> >* simplify rules;
>> > build-depend on dh-rust (not dh-cargo);
>> > add X-Cargo-Crates hint;
>> > drop patch de
6 matches
Mail list logo
