Closed emanuelb closed 9 months ago
Currently all tags in repo are not signed: https://github.com/airgap-it/airgap-vault/tags
instead of signed, see for example: (click the 'verified' green button) https://github.com/bitcoin-wallet/bitcoin-wallet/tags
see for more info on how to sign: https://help.github.com/en/github/authenticating-to-github/signing-tags
and better read all documentation about git signing at github at: (commit signing as well, etc...) https://help.github.com/en/github/authenticating-to-github/managing-commit-signature-verification
after signing is used, upload the key to github (it will be shown as verified instead of unverified) https://help.github.com/en/github/authenticating-to-github/adding-a-new-gpg-key-to-your-github-account
why it's important: https://www.qubes-os.org/security/verifying-signatures/#how-to-verify-qubes-repos
Hi, thanks for the suggestion.
We'll take a look at how we can integrate this into our release process.
Currently all tags in repo are not signed: https://github.com/airgap-it/airgap-vault/tags
instead of signed, see for example: (click the 'verified' green button) https://github.com/bitcoin-wallet/bitcoin-wallet/tags
see for more info on how to sign: https://help.github.com/en/github/authenticating-to-github/signing-tags
and better read all documentation about git signing at github at: (commit signing as well, etc...) https://help.github.com/en/github/authenticating-to-github/managing-commit-signature-verification
after signing is used, upload the key to github (it will be shown as verified instead of unverified) https://help.github.com/en/github/authenticating-to-github/adding-a-new-gpg-key-to-your-github-account
why it's important: https://www.qubes-os.org/security/verifying-signatures/#how-to-verify-qubes-repos