Is your feature request related to a problem? Please describe.
Hi, I maintain your project on Arch Linux's AUR. Before I start, I'd like to say thank you for signing all of your artifacts with a GPG key. I don't see this as often as I should.
That being said, the only thing missing are signed tags or, at the very least, a source tarball signature file.
Describe the solution you'd like
I'd like to see one or the other items above implemented. To elaborate a bit on the source signature file, GitHub automatically makes source tarballs available for download for each tag. Ideally I'd like to be able to download a signature file for this tarball so that I as a package maintainer can have both checksums and a signature to check against without needing to download the entire git repo.
Is your feature request related to a problem? Please describe.
Hi, I maintain your project on Arch Linux's AUR. Before I start, I'd like to say thank you for signing all of your artifacts with a GPG key. I don't see this as often as I should.
That being said, the only thing missing are signed tags or, at the very least, a source tarball signature file.
Describe the solution you'd like
I'd like to see one or the other items above implemented. To elaborate a bit on the source signature file, GitHub automatically makes source tarballs available for download for each tag. Ideally I'd like to be able to download a signature file for this tarball so that I as a package maintainer can have both checksums and a signature to check against without needing to download the entire git repo.