Unable to verify GitHub Release Signature

IBM-Cloud / terraform-provider-ibm

https://registry.terraform.io/providers/IBM-Cloud/ibm/latest/docs

Mozilla Public License 2.0

341 stars 670 forks source link

Unable to verify GitHub Release Signature #1955

Open whereswaldon opened 4 years ago

whereswaldon commented 4 years ago

Hey all! I noticed that you provide PGP-signed releases, which is awesome. However, I can't find an authoritative copy of your signing key anywhere within the documentation of this repository or the IBM Cloud terraform docs. How do I get the PGP key to properly verify your releases?

Thanks!

whereswaldon commented 4 years ago

I was able to verify the contents of the inside of the zip archive with:

$ openssl dgst -sha256 -verify terraform-provider-ibm_v1.13.1.pem -signature terraform-provider-ibm_v1.13.1.sig terraform-provider-ibm_v1.13.1

Verified OK

However, I would still really like to know where to get your PGP signing key.