Closed diizzyy closed 5 months ago
Could you just use git tags? They're safer than a third party's code, and they're signed.
If you're referring to the "source code" packages (https://github.com/cyanreg/cyanrip/archive/refs/tags/v0.9.2.tar.gz and zip) these aren't guaranteed to be stable (see like above) over time.
For clarification, Example: https://github.com/libsndfile/libsndfile/releases/tag/1.2.2
I think with the recent .xz issues and everyone switching to git tags instead, this doesn't need to be open anymore.
Not sure what repos you're looking at but that doesn't seem to be the case for the majority but oh well...
If by assets you mean manually creating signed archives and manually uploading them upon release, I can do that.
That would be great, thanks in advance! :-)
Earlier this year GitHub announced that generated source archives are only stable for a year, this will likely cause major issues for anyone trying to package Cyanrip longterm. Please consider uploading release source code archives.
Reference: https://github.blog/2023-02-21-update-on-the-future-stability-of-source-code-archives-and-hashes/