Hi all,
In doing my part in getting us away from PGP, at least in areas where
its use is overkill or a bad idea [1], I packaged Minisign [2] for
Fedora and CentOS [3]. It is currently available in the stable
repositories on Fedora >= 30 and EPEL.
The wiki currently describes the procedure to verify source downloads
using PGP (GnuPG) [4]. I'd like to propose an added section/extension to
also mention Minisign as a means to accomplish that. I wrote a blog post
[5] on how I think it can be added to RPM spec files.
Is this something that we can add to the official Packaging
documentation? I'd be willing to work on this! Any ideas, feedback?
Regards,
François
[1]
https://latacora.micro.blog/2019/07/16/the-pgp-problem.html
[2]
https://github.com/jedisct1/minisign
[3]
https://apps.fedoraproject.org/packages/minisign
[4]
https://docs.fedoraproject.org/en-US/packaging-guidelines/#_source_file_v...
[5]
https://www.tuxed.net/fkooman/blog/minisign.html