Open fbrz76 opened 10 months ago
anipaul2
commented
10 months ago Pls, to avoid using bad source code, how to verify downloaded source code to build is that released?
Could you please elaborate on what you are trying to achieve? This will help me guide you more effectively.
fbrz76
commented
10 months ago Sure, i refer to something like that: https://raspibolt.org/guide/bitcoin/electrum-server.html#build-from-source-code In second section when about to verify the signature.
orbitalturtle
commented
10 months ago I agree, this would be a really nice feature to have :)
d6n13l0l1v3r
commented
8 months ago some additional reference I found in GitHub to sign a commit:
https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits
sr-gi
commented
8 months ago some additional reference I found in GitHub to sign a commit:
https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits
All commits need to be signed in order for PR to be merged in the repo. I think what the OP refers to is for the releases to be signed so we don't have to trust GH
Pls, to avoid using bad source code, how to verify downloaded source code to build is that released?