| commit | 0106f555736c5a94052b758cc09f7ca4ac40a454 | |
| author | Jonathan Nieder <jrnieder@gmail.com> | |
| Mon, 28 Jan 2019 00:54:58 +0000 (27 16:54 -0800) | ||
| committer | Jonathan Nieder <jrnieder@gmail.com> | |
| Mon, 28 Jan 2019 00:54:58 +0000 (27 16:54 -0800) | ||
| tree | d6bd7c447d7f23e2f42d5712ad1e1667197ae334 | treesnapshot (tar.gz zip) |
| parent | a9c81252e0db470509cb4f618ffeb7c12d4ed37a | commitdiff |
debian/watch: Download upstream source more securely
Use https instead of http for transport for transport-layer privacy
and integrity protection. More importantly, specify pgpsigurlmangle
and a signing key to allow "uscan" to check that the tarball was
genuinely released by Lasse Collin.
Based on advice from Policy 4.11.
While we're here, use the XZ compressed tarball, since it's a little
smaller.
Use https instead of http for transport for transport-layer privacy
and integrity protection. More importantly, specify pgpsigurlmangle
and a signing key to allow "uscan" to check that the tarball was
genuinely released by Lasse Collin.
Based on advice from Policy 4.11.
While we're here, use the XZ compressed tarball, since it's a little
smaller.
| debian/changelog | diffblobblamehistory | |
| debian/upstream/signing-key.asc | [new file with mode: 0644] | blob |
| debian/watch | diffblobblamehistory |