search

hechoendrupal / drupal-console

The Drupal CLI. A tool to generate boilerplate code, interact with and debug Drupal.
http://drupalconsole.com
GNU General Public License v2.0
940 stars 559 forks source link

Sign .phar releases #3500

Open Ayesh opened 7 years ago

Ayesh commented 7 years ago

Provide signatures for the downloadable phar files

[ standard ] Sign the releases and upload the .asc files along with the .phar archives.

Problem/Motivation

Drupal Console is a great project, and people use it every day on all sorts of environments, and I believe it's important that we provide a signature to verify the installation first.

Ideally, can we upload a gpg signature so users can verify the .phar archives? It will also make it possible to download the this using the Phive tool: https://phar.io/howto/sign-and-upload-to-github.html

Thanks

jmolivas commented 7 years ago

Like the idea need to do some investigation about this topic.