[opus] Opus for ASR
Young, Milan
Milan.Young at nuance.com
Tue Sep 18 10:45:11 PDT 2012
> -----Original Message-----
> From: Ralph Giles
> On 12-09-17 12:42 PM, Timothy B. Terriberry wrote:
>
> > Yes, but those only sign the source. All the previous releases also
> > have a SHA1 hash in http://svn.xiph.org/releases/opus/, but that still
> > doesn't say anything about the binaries.
>
> That is also true, but I'm not sure what point you're making.
[Milan] I would prefer to verify the signature on the binary I'll be testing. The signature can be from a person or an automated build system, as long as the secrete part of that signature is not publically distributed. For example, if the signature was embedded in your public make file, that would not be a good signature for this purpose.
>
> Milan, if you hadn't noticed, I've also been signing the opus-tools binaries
> we're hosting at https://ftp.mozilla.org/pub/mozilla.org/opus/
>
> I've only been doing that for releases, though, not every commit like we'd like
> to do with the jenkins builds.
[Milan] I suspect I'll only need to update the tools on major releases, so this will be fine.
Thanks
>
> -r
> _______________________________________________
> opus mailing list
> opus at xiph.org
> http://lists.xiph.org/mailman/listinfo/opus
More information about the opus
mailing list