1 |
Signed-off-by: Michał Górny <mgorny@g.o> |
2 |
--- |
3 |
glep-0078.rst | 5 +++++ |
4 |
1 file changed, 5 insertions(+) |
5 |
|
6 |
diff --git a/glep-0078.rst b/glep-0078.rst |
7 |
index ab28aed..733d8d7 100644 |
8 |
--- a/glep-0078.rst |
9 |
+++ b/glep-0078.rst |
10 |
@@ -228,6 +228,11 @@ If the Manifest is present, all files contained in the archive must |
11 |
be listed in it and verify successfully. The package manager should |
12 |
ignore unknown files but preserve them across package updates. |
13 |
|
14 |
+For a binary package to be considered signed and suitable for |
15 |
+authenticity verification, the Manifest file must be present and contain |
16 |
+a valid signature. It is recommended to include detached signatures |
17 |
+for archive members as well. |
18 |
+ |
19 |
|
20 |
Permitted .tar format features |
21 |
------------------------------ |
22 |
-- |
23 |
2.37.3 |