Simon-Laux
commented
4 years ago Currently this process is manual, but once we got our build script back and running we could add hashes first and then signatures later.
Open SilmorSenedlen opened 4 years ago
Simon-Laux
commented
4 years ago Currently this process is manual, but once we got our build script back and running we could add hashes first and then signatures later.
link2xt
commented
1 year ago Currently this process is manual, but once we got our build script back and running we could add hashes first and then signatures later.
Is there even a single build script for macOS and the rest of the platforms? Aren't .exe and .dmg packages already signed?
Simon-Laux
commented
1 year ago Aren't .exe and .dmg packages already signed?
electron builder does that automatically as long as the signing certificates are provided to it.
ok300
commented
5 months ago Would like to bump this.
It would actually be enough to sign just the checksums file.
🙏
Goog day It would be great if you added PGP signatures to verify authenticity and integrity of downloaded binaries. If this requires a lot of time /effort, then you can publish SHA256 checksum as a temporary solution.