thread-based email index, search, and tagging https://git.notmuchmail.org/git/notmuch/atom?h=debian%2F0.31-1 2020-08-16T15:27:11Z 2020-08-16T15:27:11Z David Bremner david@tethera.net 2020-08-16T15:27:11Z urn:sha1:a1b1fe85c2fe17dcce635b36f3bcb8cf514e3636 Follow the existing practice and remove it under "distclean", same as sh.config and Makefile.config 2020-08-10T00:14:36Z Jonas Bernoulli jonas@bernoul.li 2020-08-08T11:49:49Z urn:sha1:c4541353765dec837c1c2f912b1bf6661827429c Use `makefile-gmake-mode' instead of `makefile-mode' because the former also highlights ifdef et al. while the latter does not. "./Makefile.global" and one "Makefile.local" failed to specify any major mode at all but doing so is necessary because Emacs does not automatically figure out that these are Makefiles (of any flavor). 2020-08-03T23:44:51Z David Bremner david@tethera.net 2020-07-16T11:11:26Z urn:sha1:3f8b01a3ef9e50a772897c67e0146172b3849749 Use a URL https://notmuchmail.org/doc/latest to leave room for a future more ambitious scheme deploying multiple versions. This also forces the html docs to built as part of the release process. In the future this should be updated to tolerate generating a release without sphinx installed. This needs a new target analogous to build-info and build-man that does nothing if sphinx is not installed. 2020-07-03T10:37:00Z David Bremner david@tethera.net 2020-06-16T14:17:55Z urn:sha1:552029f7482ea76806f18b8ef2cbe9c8706b39f4 Today Defalos on #notmuch asked for a signed tarball for 0.30~rc2. This is a minimal change to support this in the future. The question of automagically uploading will need more thought; currently I like the fact that tags from pre-releases are only pushed manually. 2020-07-03T09:38:55Z David Bremner david@tethera.net 2020-06-30T00:22:47Z urn:sha1:3a42abb456893b71b530f099a1467400f2b0ea71 Attempt to avoid breaking "pip install ." As far as I can tell, we need to have a copy (not just a relative symlink) of the version file. 2019-12-20T23:54:11Z Daniel Kahn Gillmor dkg@fifthhorseman.net 2019-12-04T08:47:38Z urn:sha1:7ebb2f5509c175c0efc6682fc7abf89a68f61f7d Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> 2019-12-03T12:12:30Z David Bremner david@tethera.net 2019-10-20T01:52:56Z urn:sha1:46e96156218e456df3fdd239e8c055220fba667a Put the build product (and tests) in a well known location so that we can find them e.g. from the tests. 2019-03-27T20:59:40Z David Bremner david@tethera.net 2019-03-19T10:08:19Z urn:sha1:4bfbd5baa1e754e18d58dd6b8052a8072c0bfc2f This produces tarballs that are roughly 30% smaller. 2019-03-27T20:54:12Z Daniel Kahn Gillmor dkg@fifthhorseman.net 2019-03-23T12:35:44Z urn:sha1:1f82039e0da1adf078559ef9bf80e2b47858a607 This is just a semantic cleanup -- we have multiple files that are OpenPGP signatures. And while we're probably making signatures with GnuPG, they can be verified with any OpenPGP implementation, so "GPG_" is arguably both not specific enough, and overly-specific. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net> 2019-03-27T20:53:41Z Daniel Kahn Gillmor dkg@fifthhorseman.net 2019-03-23T12:35:43Z urn:sha1:01f9c71312937011c4474688d3d1dd64c14731fb Distribute clearsigned sha256sum file in addition to the detached signature. Verifies that use the sha256sum ensure that the thing signed includes the name of the tarball. This defends the verifier by default against a freeze, rollback, or project substitution attack. A verifier can use something like the following (as expressed in bash): set -o pipefail wget https://notmuchmail.org/releases/notmuch-$VERSION.tar.gz{,.sha256.asc} gpgv --keyring ./notmuch-signers.pgp --output - notmuch-$VERSION.tar.gz.sha256.asc | sha256sum -c - See id:87r2b8w956.fsf@fifthhorseman.net and other messages in that thread for discussion. Signed-off-by: Daniel Kahn Gillmor <dkg@fifthhorseman.net>