logo

blog

My website can't be that messy, right? git clone https://hacktivis.me/git/blog.git
commit: a3d9359729ca2c53ba351401c5b4508fb039f8eb
parent 5f0eb4485a21f86db49a91cf1052708b86d97ce5
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date:   Thu, 22 Oct 2020 02:09:03 +0200

projects/badwolf: Add signify note

Diffstat:

Mprojects/badwolf.shtml4++++
1 file changed, 4 insertions(+), 0 deletions(-)

diff --git a/projects/badwolf.shtml b/projects/badwolf.shtml @@ -47,6 +47,10 @@ <li>From source: <code><a href="https://hacktivis.me/releases/badwolf-1.0.3.tar.gz">badwolf-1.0.3.tar.gz</a></code> (<a href="https://hacktivis.me/releases/badwolf-1.0.3.tar.gz.sign">signify/minisign</a>) <a href="https://hacktivis.me/releases/badwolf-1.0.3.txt">changelog</a></li> </ul> <p>BadWolf is using <a href="https://semver.org/spec/v2.0.0.html">Semantic Versioning</a> with considering that the User-Interface is part of the interface stabilisation. Release branches (ie. <code>1.0.x</code>) are supported for 6 months for any bug fixes and 2 years for security fixes.</p> + <p> + Tarball signature check: <a href="https://flak.tedunangst.com/post/signify">signify</a>/<a href="https://github.com/jedisct1/minisign">minisign</a> is the recommended tool to use, you can find my key at <a href="https://hacktivis.me/releases/signify/2020-05.pub">/releases/signify/2020-05.pub</a>, you can find more info about how I manage the keyset in: <a href="/articles/Bootstrapping%20signify%20for%20my%20assets">Bootstrapping signify for my assets</a>.<br /> + The command to verify the tarball looks like this: <code><kbd>signify -V -p signify/2020-05.pub -x badwolf-1.0.3.tar.gz.sign -m badwolf-1.0.3.tar.gz</kbd></code> + </p> <h2>Tested and supported platforms</h2> <dl>