[libvirt] Verifying libvirt release tarballs
Hi!
How can I cryptographically verify libvirt releases?
There are no signature/hash files in http://libvirt.org/sources/.
All I see is that your git release tags are PGP signed.
So, anyone who cares has to ignore everything in http://libvirt.org/sources/
and needs to regenerate the tarball from git.
Or do I miss something?
--
Thanks,
//richard