public key signature for installer
tvannahl opened this issue · 1 comments
tvannahl commented
Hello,
I'm searching for a way to validate the authenticity of the composer installer. I did find a page referencing public keys for snapshots and tags but I did not manage to find a real signature file related to either composer-install.php
nor composer.phar
.
Unfortunately https://composer.github.io/installer.sig does not contain a signature but only a hash value of composer-install.php
.
Maybe this is something I missed?
Seldaek commented
There are no signatures no only the checksum.