You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It would be nice to be able to verify release file signatures with PGP, either through signatures of the file directly or signatures of the checksum file. Particularly in light of the recent issues with codecov.
A common way to achieve this is to include checksum files in your release artifacts, along with a signature of that checksum file. Alternatively each file in the release can be signed individually.
Thank you for your consideration.
The text was updated successfully, but these errors were encountered:
Thanks for raising this @mitchellrj , this makes even more sense since gauge no longer signs the binaries. Would you be interested in sending a pull request?
It would be nice to be able to verify release file signatures with PGP, either through signatures of the file directly or signatures of the checksum file. Particularly in light of the recent issues with codecov.
A common way to achieve this is to include checksum files in your release artifacts, along with a signature of that checksum file. Alternatively each file in the release can be signed individually.
Thank you for your consideration.
The text was updated successfully, but these errors were encountered: