Open udf2457 opened 5 months ago
Hello, Thank you for the suggestion but I don't understand what signing releases refer to here. Some information is missing. Is it the PGP ASC file for the downloads? Or do you refer to the Docker releases.
Hi
As in https://github.com/netsampler/goflow2/releases
No signatures present (and not even a checksums file, but signatures are preferable to that)
So yes, I guess "PGP ASC file for the downloads" (or an alternative equivalent).
You can even do it fully-automated via Github Actions, Github OIDC and Sigstore "keyless" signing.