summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichał Górny <mgorny@gentoo.org>2022-09-21 20:14:09 +0200
committerUlrich Müller <ulm@gentoo.org>2022-11-13 21:19:41 +0100
commite10ae4cbdd5233b5a249728b26cd4aeed20a85f5 (patch)
tree2efb565e739975d788223287acf6cdf702dc42fd
parentglep-0078: Clarify that Manifest is signed too (diff)
downloadglep-e10ae4cbdd5233b5a249728b26cd4aeed20a85f5.tar.gz
glep-e10ae4cbdd5233b5a249728b26cd4aeed20a85f5.tar.bz2
glep-e10ae4cbdd5233b5a249728b26cd4aeed20a85f5.zip
glep-0078: Clarify that Manifest must be present for signed binpkg
Signed-off-by: Michał Górny <mgorny@gentoo.org> Signed-off-by: Ulrich Müller <ulm@gentoo.org>
-rw-r--r--glep-0078.rst5
1 files changed, 5 insertions, 0 deletions
diff --git a/glep-0078.rst b/glep-0078.rst
index d77576a..3c7e899 100644
--- a/glep-0078.rst
+++ b/glep-0078.rst
@@ -228,6 +228,11 @@ If the Manifest is present, all files contained in the archive must
be listed in it and verify successfully. The package manager should
ignore unknown files but preserve them across package updates.
+For a binary package to be considered signed and suitable for
+authenticity verification, the Manifest file must be present and contain
+a valid signature. It is recommended to include detached signatures
+for archive members as well.
+
Permitted .tar format features
------------------------------