SRPMs?
Opened this issue · 0 comments
bish0polis commented
I see RPMs in the releases. But I'm a little nervous. The chain of validation from source to artifact isn't verifiably sound.
Are you producing SRPMs that you're not showing in the releases? Can we have them built and published as well so we can trivially reproduce the build and compare checksums?
Thanks!