include-what-you-use / include-what-you-use

A tool for use with clang to analyze #includes in C and C++ source files
https://include-what-you-use.org

Signed Releases #1595

Open JulianWong-Arista opened 2 months ago

JulianWong-Arista commented 2 months ago

Is it possible to get signed releases of include-what-you-use?

I am looking for a detached signature in addition to the release tarballs (https://wiki.debian.org/Creating%20signed%20GitHub%20releases).

Thanks in advance

kimgr commented 2 months ago

I haven't really thought about it, and I don't have any experience with signed releases, so it would take some energy to figure it out. Thanks for the link, that's a good start. I'm not a GPG user, so I have some learning to do.

Is the primary use case to prevent man-in-the-middle tampering when tarballs are being downloaded?

JulianWong-Arista commented 2 months ago

Ya, just a safety check to ensure there is no tampering