On Wed, Apr 3, 2013 at 6:14 PM, Thomas Hervé <the...@free.fr> wrote:
> * Glyph mumbled something about sha sums of the release files, instead > of md5. Should we pursue that? We may need to update some trac > integration code. > Depends, what's the goal of the checksums? If it's "we want people to be able to check that the tarball they have is in fact the release and not something tainted by patches or malware", perhaps we either should have a Twisted signing key, or have the release manager sign the release instead (especially since we have a lot of signatures since PyCon :)). -- cheers lvh
_______________________________________________ Twisted-Python mailing list Twisted-Python@twistedmatrix.com http://twistedmatrix.com/cgi-bin/mailman/listinfo/twisted-python
