[Twisted-Python] Release questions
Laurens Van Houtven
_ at lvh.cc
Wed Apr 3 12:36:06 EDT 2013
On Wed, Apr 3, 2013 at 6:14 PM, Thomas Hervé <therve at free.fr> wrote:
> * Glyph mumbled something about sha sums of the release files, instead
> of md5. Should we pursue that? We may need to update some trac
> integration code.
Depends, what's the goal of the checksums? If it's "we want people to be
able to check that the tarball they have is in fact the release and not
something tainted by patches or malware", perhaps we either should have a
Twisted signing key, or have the release manager sign the release instead
(especially since we have a lot of signatures since PyCon :)).
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Twisted-Python