On Wed, Nov 30, 2011 at 12:41 PM, Doron Fediuck <dfediuck(a)redhat.com> wrote:
> 1. All tarballs should have md5 / other hash published
> in the downloads page and possibly a hash file with the tarball.

SHA512 please, e.g.
http://collectd.org/files/SHA512SUM

> 2. Each distro will sign its packages in its own means,
> such as signing key, certificate, etc.

It would be nice if the upstream release manager could sign the release tag in git.

Alan
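
The SHA512SUM manifest suggested in this thread, as an added example that is not part of the original messages: one function writes the manifest on the release side, the other checks a single downloaded tarball against it and distinguishes a mismatch from a file the manifest does not list. The function names and the `demo-1.0.tar.gz` file are constructed for illustration, and GNU coreutils `sha512sum` is assumed.

```shell
#!/bin/sh
# Added example: publish and check a SHA512SUM manifest (names are hypothetical).

# Release side: write SHA512SUM covering every tarball in directory $1.
publish_sums() {
    ( cd "$1" && sha512sum -- *.tar.gz > SHA512SUM )
}

# Download side: verify tarball $2 in directory $1 against SHA512SUM.
# Returns 0 = digest matches, 1 = digest mismatch, 2 = not listed in manifest.
verify_tarball() {
    dir=$1
    name=$2
    ( cd "$dir" || exit 2
      # Manifest lines look like "<hex>  <name>" (text) or "<hex> *<name>" (binary).
      line=$(awk -v n="$name" '{ f = $2; sub(/^\*/, "", f); if (f == n) print }' SHA512SUM)
      # An unlisted file must not be treated as verified.
      [ -n "$line" ] || exit 2
      # Check only that one entry; --status reports through the exit code.
      printf '%s\n' "$line" | sha512sum -c --status - || exit 1 )
}

# Demo on constructed data: a stand-in file plays the role of the release tarball.
demo_dir=$(mktemp -d)
printf 'constructed release contents\n' > "$demo_dir/demo-1.0.tar.gz"
publish_sums "$demo_dir"

rc=0; verify_tarball "$demo_dir" demo-1.0.tar.gz || rc=$?
echo "untouched tarball: rc=$rc"

# Simulate corruption or tampering after the manifest was published.
printf 'extra bytes\n' >> "$demo_dir/demo-1.0.tar.gz"
rc=0; verify_tarball "$demo_dir" demo-1.0.tar.gz || rc=$?
echo "modified tarball: rc=$rc"

rc=0; verify_tarball "$demo_dir" unlisted-2.0.tar.gz || rc=$?
echo "unlisted tarball: rc=$rc"

rm -rf "$demo_dir"
```

The manifest only detects changes if it is fetched over a channel the attacker cannot also modify, which is why the thread pairs it with signing.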