Add verification for snapshot downloads

phpmyadmin / scripts

Various scripts related to project

15 stars 19 forks source link

Add verification for snapshot downloads #50

Open emanuelb opened 7 years ago

emanuelb commented 7 years ago

Snapshot downloads from edge-4.7 & edge-4.8 branches are not passed verification (PGP signing with developer keys can't be used as it's auto daily builds...) possible solutions:

use bot that update the Dockerfile to contain sha256 verification (the hash inside the Dockerfile) everytime a new snapshot is available. (does it may cause syncing problems? aka old Dockerfile files won't work as the resource URL is static...)
auto sign the snapshots with bot GPG key (and use it only in keystore)

williamdes commented 3 years ago

As far as I know edge- branches are no more supported

williamdes commented 1 year ago

Moved here, as we should GPG sign snapshots as I said in #39