infrastructure request: signed releases
BrainDamage opened this issue · 1 comments
BrainDamage commented
It'd be nice if the release tarballs were pgp/gpg signed so that their authenticity and integrity could be verified independently of the host
bonus points if you could sign the release commits too, so the same could be applied to the git repository
rapier1 commented
Hey, sorry I haven't replied earlier. I'm working on this. The RPMS and debs are signed. I should get everything else signed soon.