Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sign releases using a PGP key #2182

Open
mitchellrj opened this issue Dec 24, 2021 · 1 comment
Open

Sign releases using a PGP key #2182

mitchellrj opened this issue Dec 24, 2021 · 1 comment

Comments

@mitchellrj
Copy link

It would be nice to be able to verify release file signatures with PGP, either through signatures of the file directly or signatures of the checksum file. Particularly in light of the recent issues with codecov.

A common way to achieve this is to include checksum files in your release artifacts, along with a signature of that checksum file. Alternatively each file in the release can be signed individually.

Thank you for your consideration.

@sriv
Copy link
Member

sriv commented Dec 24, 2021

Thanks for raising this @mitchellrj , this makes even more sense since gauge no longer signs the binaries. Would you be interested in sending a pull request?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Development

No branches or pull requests

2 participants