François Kooman wrote:
The wiki currently describes the procedure to verify source
downloads
using PGP (GnuPG) [4]. I'd like to propose an added section/extension to
also mention Minisign as a means to accomplish that. I wrote a blog post
[5] on how I think it can be added to RPM spec files.
Is this something that we can add to the official Packaging
documentation? I'd be willing to work on this! Any ideas, feedback?
Do you know of any project that signs releases with Minisign? I've
never seen one.
Personally, before I potentially use a new signing tool, I would like
to know that some of the world's smartest cryptologists have analyzed
it and found the design sound.
Björn Persson