RFE: 'ftpadmin install' should allow install of a detached GPG signature file alongside each tarball
Submitted by Daniel P. Berrange
Assigned to GNOME Sysadmins
Link to original bug (#794622)
Description
I want to be able to provide GPG signatures for tarballs of gtk-vnc I upload, but the 'ftpadmin install' only appears to want tarballs as arguments.
It should allow maintainer to provide a detached signature with a name of '$TARBALL.asc', and upload that to the ftp site. This is more trustworthy than the checksums ftpadmin creates, which can be easily tampered with at same time as the tarballs by a malicious actor.
This would of course mean the maintainer must provide the tarball in tar.xz format, so that ftpadmin doesn't try do tarball recompression, but that's reasonable enough.
eg I would like todo
ftpadmin install gtk-vnc-0.7.2.tar.xz gtk-vnc-0.7.2.tar.xz.asc