Provide signatures for the downloadable phar files
[ standard ] Sign the releases and upload the .asc files along with the .phar archives.
Problem/Motivation
Drupal Console is a great project, and people use it every day on all sorts of environments, and I believe it's important that we provide a signature to verify the installation first.
Provide signatures for the downloadable phar files
[ standard ] Sign the releases and upload the
.asc
files along with the.phar
archives.Problem/Motivation
Drupal Console is a great project, and people use it every day on all sorts of environments, and I believe it's important that we provide a signature to verify the installation first.
Ideally, can we upload a gpg signature so users can verify the
.phar
archives? It will also make it possible to download the this using the Phive tool: https://phar.io/howto/sign-and-upload-to-github.htmlThanks