Open XVilka opened 10 months ago
I'm not sure I'd trust https://github.com/rnpgp/release-sign . I'd just go with a manual process following the second link.
We should also add it to the RELEASE issue template.
I think we should use https://www.sigstore.dev/ .
@ret2libc last time I checked it mainly targeted containers.
Nah, it works for all kind of releases.
No time for this in this release. Moving to the next one
Just a pretty standard GPG and SHA256 information for all assets attached to the GitHub release.