| 1 |
Signed-off-by: Michał Górny <mgorny@g.o> |
| 2 |
--- |
| 3 |
glep-0078.rst | 5 +++++ |
| 4 |
1 file changed, 5 insertions(+) |
| 5 |
|
| 6 |
diff --git a/glep-0078.rst b/glep-0078.rst |
| 7 |
index ab28aed..733d8d7 100644 |
| 8 |
--- a/glep-0078.rst |
| 9 |
+++ b/glep-0078.rst |
| 10 |
@@ -228,6 +228,11 @@ If the Manifest is present, all files contained in the archive must |
| 11 |
be listed in it and verify successfully. The package manager should |
| 12 |
ignore unknown files but preserve them across package updates. |
| 13 |
|
| 14 |
+For a binary package to be considered signed and suitable for |
| 15 |
+authenticity verification, the Manifest file must be present and contain |
| 16 |
+a valid signature. It is recommended to include detached signatures |
| 17 |
+for archive members as well. |
| 18 |
+ |
| 19 |
|
| 20 |
Permitted .tar format features |
| 21 |
------------------------------ |
| 22 |
-- |
| 23 |
2.37.3 |
Archives