After an evaluation, GNOME has moved from Bugzilla to GitLab. Learn more about GitLab.
No new issues can be reported in GNOME Bugzilla anymore.
To report an issue in a GNOME project, go to GNOME GitLab.
Do not go to GNOME Gitlab for: Bluefish, Doxygen, GnuCash, GStreamer, java-gnome, LDTP, NetworkManager, Tomboy.
Bug 794622 - RFE: 'ftpadmin install' should allow install of a detached GPG signature file alongside each tarball
RFE: 'ftpadmin install' should allow install of a detached GPG signature fil...
Status: RESOLVED OBSOLETE
Product: sysadmin
Classification: Infrastructure
Component: Other
unspecified
Other Linux
: Normal normal
: ---
Assigned To: GNOME Sysadmins
GNOME Sysadmins
Depends on:
Blocks: 774000
 
 
Reported: 2018-03-23 14:12 UTC by Daniel P. Berrange
Modified: 2018-09-21 15:30 UTC
See Also:
GNOME target: ---
GNOME version: ---


Description Daniel P. Berrange 2018-03-23 14:12:30 UTC 
I want to be able to provide GPG signatures for tarballs of gtk-vnc I upload, but the 'ftpadmin install' only appears to want tarballs as arguments.

It should allow maintainer to provide a detached signature with a name of '$TARBALL.asc', and upload that to the ftp site. This is more trustworthy than the checksums ftpadmin creates, which can be easily tampered with at same time as the tarballs by a malicious actor.

This would of course mean the maintainer must provide the tarball in tar.xz format, so that ftpadmin doesn't try do tarball recompression, but that's reasonable enough.

eg I would like todo

    ftpadmin install gtk-vnc-0.7.2.tar.xz gtk-vnc-0.7.2.tar.xz.asc
Comment 1 GNOME Infrastructure Team 2018-09-21 15:30:15 UTC 
-- GitLab Migration Automatic Message --

This bug has been migrated to GNOME's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.gnome.org/Infrastructure/Infrastructure/issues/35.