Open marmarek opened 5 months ago
Currently release assets (like https://github.com/Nitrokey/pynitrokey/releases/download/v0.4.44/nitropy-v0.4.44-x64-linux-binary.tar.gz) are not signed. It seems the only way currently to get authenticated release is to clone git repository, verify signed tag and go from there, but it isn't very convenient for end users. So, can you please sign releases, for example with a detached signature? That's still not as convenient as proper distribution package (https://github.com/Nitrokey/pynitrokey/issues/494 for example), but still an improvement.
Currently release assets (like https://github.com/Nitrokey/pynitrokey/releases/download/v0.4.44/nitropy-v0.4.44-x64-linux-binary.tar.gz) are not signed. It seems the only way currently to get authenticated release is to clone git repository, verify signed tag and go from there, but it isn't very convenient for end users. So, can you please sign releases, for example with a detached signature? That's still not as convenient as proper distribution package (https://github.com/Nitrokey/pynitrokey/issues/494 for example), but still an improvement.