[cmake-developers] malware?

Rolf Eike Beer eike at sf-mail.de
Fri Jul 24 13:05:53 EDT 2015


Am Freitag, 24. Juli 2015, 09:54:07 schrieb Alan W. Irwin:
> An additional and obvious security measure is to cryptographically
> sign each file release with a detached armored signature, e.g.,
> 
> gpg --default-key <keyid> --detach-sign --armor cmake-3.3.0.tar.gz
> 
> where keyid is a CMake release manager identification key (also created
> and distributed by gpg).

While at it, one could use the same key to sign the tags in git at the same 
time ;)

Greetings,

Eike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part.
URL: <http://public.kitware.com/pipermail/cmake-developers/attachments/20150724/f1ea8b4d/attachment.sig>


More information about the cmake-developers mailing list