I'd like to verify the origin of my packages when they are installed via the drone pipeline. I understand that this would likely require loading my public keyring into the drone environment. It seems that no one has undertaken this effort so far and I might be able to start working on a PR.
Does anyone have thoughts on how to best accomplish this or things to consider? Any reason this hasn't been added yet?
I'd like to verify the origin of my packages when they are installed via the drone pipeline. I understand that this would likely require loading my public keyring into the drone environment. It seems that no one has undertaken this effort so far and I might be able to start working on a PR.
Does anyone have thoughts on how to best accomplish this or things to consider? Any reason this hasn't been added yet?