[fpc-pascal] FPC 3.0.4 released!

Graeme Geldenhuys mailinglists at geldenhuys.co.uk
Fri Dec 1 00:50:29 CET 2017

On 2017-11-30 23:35, Tomas Hajny wrote:
> Obviously, there are more secure mechanisms (let's take
> Debian packages with their signatures as an example), but these require
> more overhead (especially with different release makers for different

Not every release maker needs to create there own checksums. Only one 
person needs to do a checksum against all release files in a directory 
(at the end of the release builds). You then have a CHECKSUM file 
listing all release files. If you want to be extra paranoid, then yes, 
use GnuPG and sign that file. Again, you only need one GnuPG key used by 
all Free Pascal releases. Creating the GnuPG key is a once off task. 
Generating the summary checksum file and signing it can all be scripted 
(probably in the same script that uploads all the release files to the 


fpGUI Toolkit - a cross-platform GUI toolkit using Free Pascal

My public PGP key:  http://tinyurl.com/graeme-pgp

More information about the fpc-pascal mailing list