Closed leifj closed 7 years ago
I uploaded a signature for the .tar.gz
at sourceforge.net
https://sourceforge.net/projects/pyscard/files/pyscard/pyscard%201.9.4/
The github archive is generated automatically by github, not by me. Do you have a documentation on signing a release on github?
I also tried to add a signature file on https://pypi.python.org/pypi/pyscard/1.9.4 but it looks like it is only possible to do that while uploading the archive itself.
https://github.com/blog/2144-gpg-signature-verification https://wiki.debian.org/Creating%20signed%20GitHub%20releases
those should help with github signatures
Also - thx a bunch for the quick reply on that. You wouldn't have any useful contacts with the folks who do the ACS ccid driver? I've been trying to get them to do the same thing...
I uploaded a GPG signature for https://github.com/LudovicRousseau/pyscard/releases/tag/release-1.9.4
I will try to sign my tags next times.
My ACS contact is Godfrey Chung, the Debian maintainer of the acsccid driver. You can get his email from https://tracker.debian.org/pkg/acsccid
thx :-)
Would it be possible to generate signed release tarballs or signed tags on github with a PGP key ?