rizinorg / rizin

UNIX-like reverse engineering framework and command-line toolset.
https://rizin.re
GNU Lesser General Public License v3.0
2.54k stars 342 forks

Provide hashes and signatures for releases #3786

Open XVilka opened 10 months ago

XVilka commented 10 months ago

Just pretty standard GPG and SHA256 information for all assets attached to the GitHub release.

ret2libc commented 10 months ago

I'm not sure I'd trust https://github.com/rnpgp/release-sign . I'd just go with a manual process following the second link.

We should also add it to the RELEASE issue template.

ret2libc commented 5 months ago

I think we should use https://www.sigstore.dev/ .

XVilka commented 5 months ago

@ret2libc last time I checked, it mainly targeted containers.

ret2libc commented 5 months ago

Nah, it works for all kinds of releases.

XVilka commented 4 months ago

No time for this in this release. Moving to the next one.