author | Michał Górny <mgorny@gentoo.org> | 2022-09-21 20:09:13 +0200 |
---|---|---|
committer | Ulrich Müller <ulm@gentoo.org> | 2022-11-13 21:19:41 +0100 |
commit | 6f462732060cdec7b5aa3a952155b55a68490c86 (patch) | |
tree | 888683b09a4183796d3b664097770f8f3bd56416 | |
parent | glep-0078: Link OpenPGP to RFC 4880 (diff) | |
glep-0078: Clarify that Manifest is signed too
Signed-off-by: Michał Górny <mgorny@gentoo.org>
Signed-off-by: Ulrich Müller <ulm@gentoo.org>
-rw-r--r-- | glep-0078.rst | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/glep-0078.rst b/glep-0078.rst index 8b6fabb..d77576a 100644 --- a/glep-0078.rst +++ b/glep-0078.rst @@ -328,7 +328,9 @@ the inner archive contents. This file also provides protection against signature reuse/replacement attacks if the OpenPGP signatures are used. The implementation follows the Manifest specifications in GLEP 74 -[#GLEP74]_ and uses the DATA tag for files within the container. +and uses the ``DATA`` tag for files within the container. +If the package is using OpenPGP signatures, the Manifest file must also +include a cleartext OpenPGP signature as defined in GLEP 74 [#GLEP74]_. The implementation should be able to detect checksum mismatches, as well as missing, duplicate, or extraneous files within |
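Review bot: the new requirement in the added lines ("the Manifest file must also include a cleartext OpenPGP signature") has no matching failure condition in the context line that follows, which only lists checksum mismatches and missing, duplicate, or extraneous files as things the implementation should detect. Since the preceding context relies on this file for protection against signature reuse/replacement attacks, suggest stating in that list that a missing or invalid Manifest signature in a package using OpenPGP signatures is also a verification failure. Minor style point: the `[#GLEP74]_` reference has moved from the first mention of GLEP 74 to the second, so the first mention is now uncited; consider keeping the reference where GLEP 74 is first named.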