Closed fossfreedom closed 8 years ago
Hi there,
I'm looking at pushing this as a package into Debian (and hence all Debian derived distros such as Ubuntu).
One of the usual questions asked is for consideration that upstream sign both tags and releases in future releases.
signing github releases gpg signing
Apparently Debian's policy is also to encourage upstream to sign commits, tags and releases to provide assurance of the stuff being built.
Hence the question - would you consider signing tags and releases in future?
answer here: https://github.com/moka-project/moka-icon-theme/issues/232
Hi there,
I'm looking at pushing this as a package into Debian (and hence all Debian derived distros such as Ubuntu).
One of the usual questions asked is for consideration that upstream sign both tags and releases in future releases.
signing github releases gpg signing
Apparently Debian's policy is also to encourage upstream to sign commits, tags and releases to provide assurance of the stuff being built.
Hence the question - would you consider signing tags and releases in future?