DopplerHQ / cli

The official CLI for interacting with your Doppler secrets and configuration.
https://docs.doppler.com
Apache License 2.0

[FEATURE] Signed git tags or standalone signature for GitHub source tarballs #259

Closed lmartinez-mirror closed 2 years ago

lmartinez-mirror commented 2 years ago

Is your feature request related to a problem? Please describe.

Hi, I maintain your project on Arch Linux's AUR. Before I start, I'd like to say thank you for signing all of your artifacts with a GPG key. I don't see this as often as I should.

That being said, the only thing missing is signed tags or, at the very least, a source tarball signature file.

Describe the solution you'd like

I'd like to see one or the other of the items above implemented. To elaborate a bit on the source signature file, GitHub automatically makes source tarballs available for download for each tag. Ideally I'd like to be able to download a signature file for this tarball so that I, as a package maintainer, can have both checksums and a signature to check against without needing to download the entire git repo.

Piccirello commented 2 years ago

I love this idea! I'll see if we can get a signature of the source added to future releases.

Piccirello commented 2 years ago

As of v3.33.2, we now include a copy of the source code and its signature as release artifacts.
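
Added example, not part of the thread and not the Doppler project's code: one way a packager could check a source tarball against its detached signature while pinning the signer's fingerprint through gpg's machine-readable status output. The file names and fingerprint in the usage comment are placeholders, and the sample status lines are constructed.

```shell
#!/bin/sh
# Added example: accept a source tarball only if its detached signature is valid
# AND was made by a pinned key. Paths and fingerprints are placeholders.

# Constructed sample of `gpg --status-fd 1 --verify` output (not real key material).
SAMPLE_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 1111111111111111 Example Signer <signer@example.invalid>
[GNUPG:] VALIDSIG 1111111111111111111111111111111111111111 2023-01-01 1672531200 0 4 0 1 10 00 2222222222222222222222222222222222222222'

# Print the primary-key fingerprint of the one valid signature in the status text.
# Fail on zero or multiple VALIDSIG lines, or on any bad/expired/revoked marker.
signer_fingerprint() {
  local status="$1" fpr
  if printf '%s\n' "$status" |
     grep -Eq '^\[GNUPG:\] (BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG|NO_PUBKEY) '; then
    return 1
  fi
  # VALIDSIG layout: field 3 is the signing (sub)key, field 12 the primary key.
  fpr=$(printf '%s\n' "$status" | awk '
    $1 == "[GNUPG:]" && $2 == "VALIDSIG" { n++; f = (NF >= 12) ? $12 : $3 }
    END { if (n == 1) print f }')
  [ -n "$fpr" ] || return 1
  printf '%s\n' "$fpr"
}

# verify_source TARBALL SIGNATURE PINNED_FINGERPRINT
# The exit code of gpg alone only says "some key in the keyring signed this";
# comparing the fingerprint ties the result to the key the packager trusts.
verify_source() {
  local tarball="$1" sig="$2" pinned="$3" status fpr
  status=$(gpg --batch --status-fd 1 --verify "$sig" "$tarball" 2>/dev/null) || return 1
  fpr=$(signer_fingerprint "$status") || return 1
  [ "$fpr" = "$pinned" ]
}

# Usage (placeholder names):
#   verify_source source.tar.gz source.tar.gz.sig "<PINNED_40_HEX_FINGERPRINT>"
```

The pinned fingerprint should come from a channel independent of the download location, so that replacing both the tarball and its signature file is not enough to pass the check.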