Public
- Public
- Network
- Groups
- Featured
- Popular
- People

Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://fosstodon.org/users/drewdevault/statuses/112200890689404736">Drew DeVault (drewdevault@fosstodon.org)'s status on Tuesday, 02-Apr-2024 19:38:12 JST</a><a href="https://fosstodon.org/@drewdevault" title="drewdevault@fosstodon.org"><img src="https://gnusocial.jp/avatar/55465-48-20221206192441.webp" width="48" height="48" alt="Drew DeVault" style="position: absolute; left: 0; top: 0;">Drew DeVault</a></section><article><p>It's not very popular, but I wonder if signing release tarballs with the release manager's private key would go some ways towards alleviating xz-esque woes, at the very least making distros aware that an upstream has changed hands and having to do due diligence to fix their builds</p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/2891473#notice-5746179">In conversation</a><time datetime="2024-04-02T19:38:12+09:00" title="Tuesday, 02-Apr-2024 19:38:12 JST">about 8 months ago</time> <span>from <span><a href="https://fosstodon.org/@drewdevault/112200890689404736" rel="external" title="Sent from fosstodon.org via ActivityPub">fosstodon.org</a></span></span><a href="https://fosstodon.org/@drewdevault/112200890689404736">permalink</a></footer></blockquote>

Corresponding Notice

Embed this notice
Drew DeVault (drewdevault@fosstodon.org)'s status on Tuesday, 02-Apr-2024 19:38:12 JST Drew DeVault
It's not very popular, but I wonder if signing release tarballs with the release manager's private key would go some ways towards alleviating xz-esque woes, at the very least making distros aware that an upstream has changed hands and having to do due diligence to fix their builds
In conversationabout 8 months ago from fosstodon.orgpermalink

Public

Embed Notice

HTML Code

Corresponding Notice