Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider signing commits/releases with PGP #4113

Open
inglor opened this issue Feb 4, 2024 · 1 comment
Open

Consider signing commits/releases with PGP #4113

inglor opened this issue Feb 4, 2024 · 1 comment

Comments

@inglor
Copy link

inglor commented Feb 4, 2024

Hi 👋

As the package maintainer of this in Arch Linux I would appreciate to maintaining the chain of trust with PGP signatures on commits / tags. This can be handled from the Arch Linux build tools and can automatically validate PGP public key of the author of the commit.

Tasks:

  • Sign commits and tags of releases
  • Mention the public keys used for signing the above in README or any other file within the repository so downstream systems can validate independently.
  • Add any new maintainers who can release on the above list (future)

Thank you
@github-actions GitHub Actions
Copy link

github-actions bot commented Feb 4, 2024

We found the following entries in the FAQ which you may find helpful:

Feel free to close this issue if you found an answer in the FAQ. Otherwise, please give us a little time to review.

This is an automated reply, generated by FAQtory

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@inglor