[fpc-pascal] FPC 3.0.4 released!
Graeme Geldenhuys
mailinglists at geldenhuys.co.uk
Fri Dec 1 00:50:29 CET 2017
On 2017-11-30 23:35, Tomas Hajny wrote:
> Obviously, there are more secure mechanisms (let's take
> Debian packages with their signatures as an example), but these require
> more overhead (especially with different release makers for different
Not every release maker needs to create there own checksums. Only one
person needs to do a checksum against all release files in a directory
(at the end of the release builds). You then have a CHECKSUM file
listing all release files. If you want to be extra paranoid, then yes,
use GnuPG and sign that file. Again, you only need one GnuPG key used by
all Free Pascal releases. Creating the GnuPG key is a once off task.
Generating the summary checksum file and signing it can all be scripted
(probably in the same script that uploads all the release files to the
server).
Regards,
Graeme
--
fpGUI Toolkit - a cross-platform GUI toolkit using Free Pascal
http://fpgui.sourceforge.net/
My public PGP key: http://tinyurl.com/graeme-pgp
More information about the fpc-pascal
mailing list