baioc closed this issue 7 months ago
Hi @baioc ,
That's correct.
Now only the .changes file is signed (included in the file packages-sources-and-signatures.tar.gz). If we sign the .deb package, we break the checksum that appears in the .changes file when building the packages.
Since someone reported that rpm pkgs were not signed, I started signing .deb packages as well. But I think it's better to just sign the .changes file, for consistency.
Alright, I thought the missing signature was a mistake. Since it isn't, I'll close this issue.
Finally, a suggestion: add an optional verification step in the installation instructions, perhaps just pointing users to your public key and the readme.txt.asc file with signed hashes of the latest release.
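The relationship discussed in this thread, as an added example that is not the project's own tooling: a signed .changes file lists a SHA-256 and size for each package, so a .deb is checked against that list, and any byte change made to the .deb afterwards no longer matches. The file name and sample bytes are constructed, and the code assumes the .changes signature has already been verified with gpg against the project's public key.

```python
import hashlib
import re

# Continuation line of the Checksums-Sha256 field: " <sha256> <size> <filename>"
ENTRY = re.compile(r"\s+([0-9a-f]{64})\s+(\d+)\s+(\S+)")


def parse_sha256_entries(changes_text):
    """Return {filename: (sha256_hex, size)} from the Checksums-Sha256 field.

    Assumption: changes_text is the signed payload of the .changes file,
    taken only after its OpenPGP signature was verified.
    """
    entries = {}
    in_field = False
    for line in changes_text.splitlines():
        if line.startswith("Checksums-Sha256:"):
            in_field = True
            continue
        if in_field:
            m = ENTRY.fullmatch(line)
            if m is None:
                in_field = False  # next field (or blank line) ends the list
                continue
            entries[m.group(3)] = (m.group(1), int(m.group(2)))
    return entries


def verify_package(changes_text, filename, data):
    """True only if both size and SHA-256 of data match the listed entry."""
    entry = parse_sha256_entries(changes_text).get(filename)
    if entry is None:
        return False  # a file not covered by the signed list is never trusted
    digest, size = entry
    return len(data) == size and hashlib.sha256(data).hexdigest() == digest


# Constructed sample: stand-in package bytes and a minimal .changes payload.
SAMPLE_NAME = "example-gui_0.0.0_amd64.deb"
SAMPLE_DEB = b"constructed stand-in for the .deb bytes"
SAMPLE_CHANGES = (
    "Format: 1.8\n"
    "Source: example-gui\n"
    "Checksums-Sha256:\n"
    f" {hashlib.sha256(SAMPLE_DEB).hexdigest()} {len(SAMPLE_DEB)} {SAMPLE_NAME}\n"
    "Description: constructed sample\n"
)

if __name__ == "__main__":
    print("as built:", verify_package(SAMPLE_CHANGES, SAMPLE_NAME, SAMPLE_DEB))
    print("modified:", verify_package(SAMPLE_CHANGES, SAMPLE_NAME, SAMPLE_DEB + b"x"))
```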
Describe the bug
The latest version (v1.6.4) of the GUI deb package is not signed.
To Reproduce
Expected behavior