Ocramius
commented
4 years ago Possibly feasible once we move to github actions, and then we can use an organization secret where to store a GPG signing (sub-)key
Open sebastianbergmann opened 4 years ago
Ocramius
commented
4 years ago Possibly feasible once we move to github actions, and then we can use an organization secret where to store a GPG signing (sub-)key
sebastianbergmann
commented
4 years ago Thank you for considering this!
sebastianbergmann
commented
4 years ago The 5.0.0 release does not have a PHAR (yet). Will one be published? Thanks!
Ocramius
commented
4 years ago Guess something broke (AGAIN) in the travis publishing logic.
Ocramius
commented
4 years ago @sebastianbergmann for now, I attached a manually built phar to the release @ https://github.com/Roave/BackwardCompatibilityCheck/releases/tag/5.0.0
Because the PHP Archives (PHARs) of this tool are currently not signed, the
--force-accept-unsignedoption is required when using Phive to install/update this tool.Please consider signing the PHP Archives (PHARs) of this tool with a GPG key and publish that signature alongside the signed PHAR so that
--force-accept-unsignedis not required when using Phive.Thank you!