Re: [code] [textadept] Secure download and build

From: <xsek.att.openmailbox.org>
Date: Wed, 18 Nov 2015 12:35:01 +0000

On 2015-11-17 01:52, Mitchell wrote:
> I belive I've managed to support this.
>
> 1. Next to each download on the downloads page is a PGP signature.
> 2. At the top of the downloads page is my PGP public key.
> 3. Nightly builds also have a signature that you can retrieve by
> requesting the filename with a '.asc' extension (you'll have to
> request this manually for now).
> 4. Currently, only the nightlies contain PGP signatures for all
> dependency archives, and those signatures are in the "src/" directory.
> Subsequent releases of Textadept will contain these signatures.
> 5. After running `make deps` to fetch dependencies, running `make
> verify-deps` will check the known signatures against the downloads.
> That way you'll know if your download is exactly what Textadept was
> compiled against. IMPORTANT: since only nightly builds contain archive
> signatures at the moment, you must run `make deps NIGHTLY=1` to fetch
> dependencies. Otherwise, foicica.com's dependencies will not check
> out.
> 6. I've updated my self-signed SSL cert in case you want to download
> anything else over HTTPS (the PGP key will use HTTPS by default).
>
> Let me know if you have questions or issues.
>
> Cheers,
> Mitchell

Sounds great! I`ll try it soon, thanks :)

-- 
You are subscribed to code.att.foicica.com.
To change subscription settings, send an e-mail to code+help.att.foicica.com.
To unsubscribe, send an e-mail to code+unsubscribe.att.foicica.com.
Received on Wed 18 Nov 2015 - 07:35:01 EST

This archive was generated by hypermail 2.2.0 : Thu 19 Nov 2015 - 06:27:17 EST