Add gpg signatures whenever releasing ruby source tarballs
I was one of the unfortunate people quick enough to grab the buggy version of ruby that contained bug #6040 as announced here:
Someone notified me that the md5sums used for our package didn't match.
It would be nice to have a gpg sig released with every ruby release so we can be sure it came from you guys without having to worry and search for rerelease notes.
#1 [ruby-core:43936] Updated by mame (Yusuke Endoh) over 5 years ago
- Status changed from Open to Feedback
I'm not sure if I understand your problem correctly.
I guess gpg does not work for you.
Could you elaborate your situation, and explain how gpg solves your problem?
Yusuke Endoh firstname.lastname@example.org