diff options
| author |   Michał Górny <mgorny@gentoo.org> | 2022-09-21 20:14:09 +0200 |
|---|---|---|
| committer |   Ulrich Müller <ulm@gentoo.org> | 2022-11-13 21:19:41 +0100 |
| commit | e10ae4cbdd5233b5a249728b26cd4aeed20a85f5 (patch) | |
| tree | 2efb565e739975d788223287acf6cdf702dc42fd | |
| parent | glep-0078: Clarify that Manifest is signed too (diff) | |
| download | glep-e10ae4cbdd5233b5a249728b26cd4aeed20a85f5.tar.gz glep-e10ae4cbdd5233b5a249728b26cd4aeed20a85f5.tar.bz2 glep-e10ae4cbdd5233b5a249728b26cd4aeed20a85f5.zip | |
glep-0078: Clarify that Manifest must be present for signed binpkg
Signed-off-by: Michał Górny <mgorny@gentoo.org>
Signed-off-by: Ulrich Müller <ulm@gentoo.org>
| -rw-r--r-- | glep-0078.rst | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/glep-0078.rst b/glep-0078.rst index d77576a..3c7e899 100644 --- a/glep-0078.rst +++ b/glep-0078.rst @@ -228,6 +228,11 @@ If the Manifest is present, all files contained in the archive must be listed in it and verify successfully. The package manager should ignore unknown files but preserve them across package updates. +For a binary package to be considered signed and suitable for +authenticity verification, the Manifest file must be present and contain +a valid signature. It is recommended to include detached signatures +for archive members as well. + Permitted .tar format features ------------------------------ |