stevedekorte
commented
9 years ago This is a good idea that I'd like to look into when time permits. Thanks for the suggestion.
Open dionyziz opened 9 years ago
stevedekorte
commented
9 years ago This is a good idea that I'd like to look into when time permits. Thanks for the suggestion.
The current git tags used for releases are lightweight and not annotated. This is not suggested for release tags. Let's do the following:
The latter step is crucial if the PKI hierarchy for HTTPS is not expected to be trusted. The bitmessage threat model involves bad actors who can control the PKI hierarchy, and thus should not be relied upon for. While most users can rely on HTTPS for their downloads, users who require privacy against powerful actors will want to verify the GPG signatures on the binaries, so GPG-signing tags is important.