commit: eed27e76683a5a3e0b8c577594766fc487264906
parent 6f93194dfd936bda373436f76c13bcc48bb79a50
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date: Thu, 22 Oct 2020 02:09:03 +0200
projects/badwolf: Add signify note
Diffstat:
1 file changed, 4 insertions(+), 0 deletions(-)
diff --git a/projects/badwolf.shtml b/projects/badwolf.shtml
@@ -47,6 +47,10 @@
<li>From source: <code><a href="https://hacktivis.me/releases/badwolf-1.0.3.tar.gz">badwolf-1.0.3.tar.gz</a></code> (<a href="https://hacktivis.me/releases/badwolf-1.0.3.tar.gz.sign">signify/minisign</a>) <a href="https://hacktivis.me/releases/badwolf-1.0.3.txt">changelog</a></li>
</ul>
<p>BadWolf is using <a href="https://semver.org/spec/v2.0.0.html">Semantic Versioning</a> with considering that the User-Interface is part of the interface stabilisation. Release branches (ie. <code>1.0.x</code>) are supported for 6 months for any bug fixes and 2 years for security fixes.</p>
+ <p>
+ Tarball signature check: <a href="https://flak.tedunangst.com/post/signify">signify</a>/<a href="https://github.com/jedisct1/minisign">minisign</a> is the recommended tool to use, you can find my key at <a href="https://hacktivis.me/releases/signify/2020-05.pub">/releases/signify/2020-05.pub</a>, you can find more info about how I manage the keyset in: <a href="/articles/Bootstrapping%20signify%20for%20my%20assets">Bootstrapping signify for my assets</a>.<br />
+ The command to verify the tarball looks like this: <code><kbd>signify -V -p signify/2020-05.pub -x badwolf-1.0.3.tar.gz.sign -m badwolf-1.0.3.tar.gz</kbd></code>
+ </p>
<h2>Tested and supported platforms</h2>
<dl>
