[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Alternative signature mechanisms for upstream source verification

* Stefano Rivera: " Alternative signature mechanisms for upstream source
  verification" (Fri, 4 Oct 2024 18:21:01 +0000):

[...]

> Should we expand this to include some of these new mechanisms?
> Things brought up in the debian-python thread include:
> 1. sigstore https://docs.sigstore.dev/
> 2. ssh signatures
> 3. signify https://man.openbsd.org/signify.1

JFTR: Tryton moved from pgp signatures to signify, so of course I would
appreciate if this format could be handled as well.



-- 

    Mathias Behrle
    PGP/GnuPG key availabable from any keyserver, ID: 0xD6D09BE48405BBF6
    AC29 7E5C 46B9 D0B6 1C71  7681 D6D0 9BE4 8405 BBF6
Reply to: