Sign git tags on new releases
emanuelb opened this issue · 2 comments
Currently tags in repo are not signed:
https://github.com/trustee-wallet/trusteeWallet/tags
see for more info on how to sign:
https://help.github.com/en/github/authenticating-to-github/signing-tags
also upload related public key to github (so it will be shown as verified instead of unverified in github UI)
https://help.github.com/en/github/authenticating-to-github/adding-a-new-gpg-key-to-your-github-account
why it's important:
https://www.qubes-os.org/security/verifying-signatures/#how-to-verify-qubes-repos
We are currently redesigning our CI / CD process to improve the unification of builds and minimize the differences between internal and public processes, as well as increase the transparency of development. This and other recommendations we will apply in the updated CI / CD
Added signing for release tags