Releasing 2.0.3

Rainer Müller raimue at macports.org
Mon Sep 19 06:56:01 PDT 2011


On 09/06/2011 11:24 AM, Rainer Müller wrote:
> As an alternative, we could create detached rmd160 signatures using
> openssl as we do for the packages now. But you would need a public key
> to verify them. That key needs to be verified as well against a known
> authority (which?). Where should we publish it?
>
> I don't know any good solution for this.

FYI I just realized even Apple signs their product security releases 
using PGP [1].

Rainer

[1] https://ssl.apple.com/support/security/pgp/


More information about the macports-dev mailing list