Closed hellais closed 8 years ago
What would be the best way to ensure the authenticity of this image hosted online? Shall we create an offline key used to sign the images?
I would say you sign it with your personal key for the moment. Maybe in the future when we will have in place some sort of build system we can consider having a shared key for signing the images.
The image is out. Updated instructions or in OONI website when the changes are merged.
This means making a tested build of the raspberry pi image somewhere on the web and pointing to it's download location on the lepidopter page.