[MacPorts] #59763: MacPorts gpg signatures are meaningless without access to the public key
MacPorts
noreply at macports.org
Wed Nov 27 05:00:39 UTC 2019
#59763: MacPorts gpg signatures are meaningless without access to the public key
-----------------------+--------------------
Reporter: cohunter | Owner: (none)
Type: defect | Status: new
Priority: Normal | Milestone:
Component: website | Version:
Resolution: | Keywords:
Port: |
-----------------------+--------------------
Comment (by jmroot):
The file is definitely still attached to the wiki page, which is mentioned
in all the release announcements, along with the key's fingerprint. And
TBH it's fine for most users to rely on the Developer ID signatures
embedded in the .pkg installers.
That said, I have no objection to adding more pointers to the GPG key (and
indeed the detached signatures). If you have specific changes in mind,
please feel free to propose them (preferably as pull requests on the
macports-guide and/or macports-www repos.)
--
Ticket URL: <https://trac.macports.org/ticket/59763#comment:2>
MacPorts <https://www.macports.org/>
Ports system for macOS
More information about the macports-tickets
mailing list