Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Wed, 13 Nov 2019 13:33:00 +0000
From: Patrick Schleizer <>
Subject: LKRG packagers / downstream wishlist

upstream: LKRG

downstream: Whonix, Kicksecure, me

# signed git tags

Currently there are no git tags. So it's hard for me to compare LKRG 0.7
with LKRG master branch.

This is how my "usual" request for signed git tags looks like:

# signed git commits

I don't speak C. Even if I did, in reference to the Obfuscated C Code
Contest I can absolutely not verify the diff between a signed release
(tarball or git tag) versus newer commits in the git master branch. I
mean, if a malicious third party in transfer (git server hack or
something) made minor malicious modifications, I couldn't spot it.
Therefore I would like to verify, that the git head is coming from you,
signed by OpenPGP (or something) rather than an unknown third party

# version numbers

If I build a package, I need to define the upstream version number. Git
master doesn't provide version numbers. Therefore, each git head [1]
would ideally be a signed git tag.

[1] When pasting 5 (or any number) of commits per day, only the last
commit would need to be referenced with a signed it tag.

This is not too important. Otherwise I would just invent a "virtual"
version number.


(the syntax fir Debian packaing is:)

(epoch is bumped if upstream changed version scheme.)
(debian-revision is for packaging only changes.)

# logo

Could you please cut the black from the logo? No changes to
the logo just imo too much black space the the upper and lower part. (I
don't mean to say "remove all black".) Or provide an alternative
logo? Or could I do that and use the "cut" logo instead?

Kind regards,

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.