Bug 73995 - ITS Tool releases could be PGP-signed
Summary: ITS Tool releases could be PGP-signed
Status: NEW
Alias: None
Product: ITS Tool
Classification: Unclassified
Component: general (show other bugs)
Version: unspecified
Hardware: All All
: low enhancement
Assignee: Shaun McCance
QA Contact:
Keywords: security
Depends on:
Reported: 2014-01-23 22:36 UTC by Tanguy Ortolo
Modified: 2014-01-23 22:36 UTC (History)
0 users

See Also:
i915 platform:
i915 features:


Description Tanguy Ortolo 2014-01-23 22:36:09 UTC

It possible, it would be nice to PGP-sign ITS Tool releases, in addition or in place of the existing SHA-256 checksums. That would allow users to check they are not downloading a rogue version created to create a security breach in their systems.

Notably, the Debian operating system can automatically check upstream releases, which allows to build a full security chain since the packages derived from them are also signed!

If you have a working installation of GnuPG, that can be done with the following command:

    $ gpg --detach-sign itstool-2.0.2.tar.bz2


Tanguy Ortolo

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.