[dev] Signing Packages
Michael M Slusarz
slusarz at horde.org
Thu Oct 17 21:04:16 UTC 2013

For security reasons, we should be signing our packages. This is
easily done via 'pear sign [packagefile]'.

Granted, there isn't any easy utility to *verify* the signature (at
least in PEAR itself). But wouldn't hurt to be doing this going
forward.

FYI: The signature is based on the package.xml file. So verifying is done by:

    gpg --verify package.sig package.xml

michael

___________________________________
Michael Slusarz [slusarz at horde.org]
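
The check from the message above, as an added example that is not part of the original post or of PEAR/Horde tooling. A bare `gpg --verify` accepts a good signature from any key in the keyring, so this wrapper also pins the expected signer fingerprint by reading gpg's machine-readable status output. Assumptions: package.xml and package.sig have already been extracted into one directory; the function names, the keyring path and the sample fingerprint are hypothetical.

```shell
#!/bin/sh
# Added example: verify a detached signature over package.xml AND pin the signer.

# Read `gpg --status-fd` output on stdin. Succeed only when a good signature
# from the pinned fingerprint ($1, 40 hex digits) is reported and nothing
# marks the signature or key as bad, expired or revoked.
status_matches_fpr() {
    awk -v want="$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')" '
        $1 != "[GNUPG:]" { next }
        $2 == "GOODSIG"  { good = 1 }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        # VALIDSIG: field 3 is the signing (sub)key, the last field the primary key.
        $2 == "VALIDSIG" && (toupper($3) == want || (NF >= 12 && toupper($NF) == want)) { pinned = 1 }
        END { exit !(good && pinned && !bad && length(want) == 40) }
    '
}

# verify_pear_sig KEYRING FINGERPRINT DIR
# KEYRING is a path containing a slash (e.g. ./release-keys.gpg) holding only
# the release keys; DIR holds package.xml and package.sig.
verify_pear_sig() {
    gpg --batch --no-default-keyring --keyring "$1" --status-fd 1 \
        --verify "$3/package.sig" "$3/package.xml" 2>/dev/null |
        status_matches_fpr "$2"
}

# Constructed status output for an offline demonstration (not from a real release).
SAMPLE_FPR=0123456789ABCDEF0123456789ABCDEF01234567
SAMPLE_STATUS="[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Example Signer <signer@example.org>
[GNUPG:] VALIDSIG $SAMPLE_FPR 2013-10-17 1382043856 0 4 0 1 8 00 $SAMPLE_FPR"

if [ "$#" -eq 3 ]; then
    verify_pear_sig "$@" && echo "package.xml: signature OK, signer pinned"
else
    printf '%s\n' "$SAMPLE_STATUS" | status_matches_fpr "$SAMPLE_FPR" &&
        echo "sample status: pinned signer accepted"
fi
```

The signature covers package.xml only, so the remaining files in the package are trusted only as far as they are checked against what that manifest records about them.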