Publish PGP signed tarball without generated content?
Stuart Henderson
stu at spacehopper.org
Thu Apr 18 19:35:39 AEST 2024
On 2024/04/18 10:06, Damien Miller wrote:
> I think we're going to check in the autoconf-generated files on the
> release branches instead.
That seems a sane approach.
> On Wed, 17 Apr 2024, Simon Josefsson wrote:
> > and then publish the resulting openssh-9.7p1-src.tar.gz and
> > openssh-9.7p1-src.tar.gz.asc files, preferably using a version of git
> > that leads to archives that are identical to what GitHub currently
> > publish.
More than git is involved in this - it also depends on versions of
things like tar and gzip. And github don't guarantee that these files
won't change.
More information about the openssh-unix-dev
mailing list