22 Feb
2016
22 Feb
'16
10:21 a.m.
Mon, 22 Feb 2016 16:22:40 +0100 Christian Rebischke <Chris.Rebischke@archlinux.org>:
What do you think about using SHA256 ( or even better SHA512 ) for this? Maybe we should also sign the ISO with a GPG-Key.
The ISO is already signed: https://www.archlinux.org/iso/2016.02.01/archlinux-2016.02.01-dual.iso.sig Dunno how it's done though, I would have expected something around here: https://projects.archlinux.org/archiso.git/tree/configs/releng/build.sh#n204 ... perhaps it's done manually on upload. Also see https://bugs.archlinux.org/task/47775 and https://lists.archlinux.org/pipermail/arch-releng/2016-February/003634.html for a more universal/personal approach. --byte