brianfrankcooper / YCSB

Yahoo! Cloud Serving Benchmark
Apache License 2.0

improve release verifiability #347

Open busbey opened 9 years ago

busbey commented 9 years ago

We should sign releases, both the tag and the binaries we offer for download.

We can also improve our presentation of checksums for the binaries by just including a single hash for each artifact in the release notes and/or making a single file with all of the hashes rather than the current one-per-artifact.
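
The single-file idea from the comment above, as an added example that is not part of the thread or the YCSB project: one `sha256sum`-format manifest covers every artifact, so a single detached signature over that manifest can vouch for the whole release. Artifact names and contents are constructed, and verifying the signature on the manifest itself is assumed to happen before this step.

```python
import hashlib, hmac, os, tempfile

def sha256_file(path, chunk=1 << 16):
    """Stream a file through SHA-256 so large release archives are never loaded whole."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def write_manifest(directory, names):
    """Build one manifest in sha256sum format: '<hex digest>  <file name>' per line."""
    return "".join(f"{sha256_file(os.path.join(directory, n))}  {n}\n" for n in sorted(names))

def verify_manifest(directory, manifest_text):
    """Return {entry: 'OK' | 'MISMATCH' | 'MISSING' | 'REJECTED'} for every manifest line."""
    results = {}
    for line in manifest_text.splitlines():
        if not line.strip():
            continue
        digest, sep, name = line[:64], line[64:66], line[66:]
        well_formed = (len(digest) == 64 and all(c in "0123456789abcdef" for c in digest)
                       and sep in ("  ", " *") and bool(name))
        # The manifest is untrusted until its signature checks out: accept only plain
        # file names inside the release directory, each listed once.
        if not well_formed or os.path.basename(name) != name or name in results:
            results[name or line] = "REJECTED"
            continue
        path = os.path.join(directory, name)
        if not os.path.isfile(path):
            results[name] = "MISSING"
        elif hmac.compare_digest(sha256_file(path), digest):
            results[name] = "OK"
        else:
            results[name] = "MISMATCH"
    return results

def demo():
    """Constructed release directory: one artifact is altered after the manifest is written."""
    with tempfile.TemporaryDirectory() as d:
        names = ["artifact-a.tar.gz", "artifact-b.tar.gz"]  # constructed names
        for n in names:
            with open(os.path.join(d, n), "wb") as f:
                f.write(n.encode())
        manifest = write_manifest(d, names)
        with open(os.path.join(d, "artifact-b.tar.gz"), "ab") as f:
            f.write(b"tampered")
        manifest += "0" * 64 + "  ../outside\n" + "0" * 64 + "  artifact-absent.tar.gz\n"
        return verify_manifest(d, manifest)
```
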

risdenk commented 8 years ago

Another thing that was just introduced. https://github.com/blog/2144-gpg-signature-verification

busbey commented 8 years ago

Yeah, that's been nice on the other projects I'm involved with. Right now we do get a green verified marker next to the 0.5.0 release since @cmccoy signed that tag when he made it.