Zandronum Chat @ irc.zandronum.com
#zandronum
Get the latest version: 3.0
Source Code

View Issue Details Jump to Notes ] Issue History ] Print ]
IDProjectCategoryView StatusDate SubmittedLast Update
0003275Doomseeker[All Projects] Suggestionpublic2017-09-25 16:422018-09-01 12:16
ReporterWubTheCaptain 
Assigned To 
PriorityhighSeverityfeatureReproducibilityN/A
StatusnewResolutionopen 
PlatformOSOS Version
Product Version 
Target VersionFixed in Version 
Summary0003275: Sign tarball releases with OpenPGP keys
DescriptionPlease sign tarball releases of Doomseeker, its plugins and libwadseeker with OpenPGP keys. This is used for cryptographic integrity verification.

For an additional benefit, this would prevent a malicious actor from replacing the downloads with malicious versions undetected without also possessing the private key to sign the releases.

Debian also makes a recommendation to sign tarballs in their Upstream Guide.
Steps To ReproduceSignature files should appear at:https://doomseeker.drdteam.org/files/ [^]
Additional Informationhttps://wiki.debian.org/UpstreamGuide#Tarballs [^]

OpenPGP signatures can be created with free software (GnuPG):https://gnupg.org/ [^]
Attached Files

- Relationships
child of 0003279acknowledged List of Debian issues (misc/non-policy) 

-  Notes
User avatar (0018406)
WubTheCaptain (developer)
2017-09-27 22:55
edited on: 2017-09-27 23:03

From a Debian maintainer's perspective, OpenPGP signatures are optionally used for quality control and maintenance with the uscan utility. Emphasis that this is completely optional to both the software and Debian maintainer. (Debian Policy Manual v4.1.0.0, section 4.11.)

User avatar (0019474)
WubTheCaptain (developer)
2018-09-01 12:16

Can this be a target for 1.2? I'd like to know if 0003483 should be related to this ticket.

Issue Community Support
Only registered users can voice their support. Click here to register, or here to log in.
Supporters: No one explicitly supports this issue yet.
Opponents: No one explicitly opposes this issue yet.

- Issue History
Date Modified Username Field Change
2017-09-25 16:42 WubTheCaptain New Issue
2017-09-25 17:37 Zalewa Relationship added child of 0003246
2017-09-27 22:32 WubTheCaptain Relationship added child of 0003279
2017-09-27 22:32 WubTheCaptain Relationship deleted child of 0003246
2017-09-27 22:55 WubTheCaptain Note Added: 0018406
2017-09-27 22:56 WubTheCaptain Note Edited: 0018406 View Revisions
2017-09-27 22:56 WubTheCaptain Note Edited: 0018406 View Revisions
2017-09-27 23:03 WubTheCaptain Note Edited: 0018406 View Revisions
2018-09-01 12:16 WubTheCaptain Note Added: 0019474






Questions or other issues? Contact Us.

Links


Copyright © 2000 - 2018 MantisBT Team
Powered by Mantis Bugtracker