Sign git tags on new releases

Question

Sign git tags on new releases

emanuelb opened this issue 3 years ago · 2 comments

Currently tags in repo are not signed:
https://github.com/trustee-wallet/trusteeWallet/tags

see for more info on how to sign:
https://help.github.com/en/github/authenticating-to-github/signing-tags

also upload related public key to github (so it will be shown as verified instead of unverified in github UI)
https://help.github.com/en/github/authenticating-to-github/adding-a-new-gpg-key-to-your-github-account

why it's important:
https://www.qubes-os.org/security/verifying-signatures/#how-to-verify-qubes-repos

Answer 1 · 2021-06-15T09:11:04.000Z

We are currently redesigning our CI / CD process to improve the unification of builds and minimize the differences between internal and public processes, as well as increase the transparency of development. This and other recommendations we will apply in the updated CI / CD

Answer 2 · 2021-08-13T13:47:02.000Z

Added signing for release tags