This repository has been archived by the owner on Oct 6, 2019. It is now read-only.
Feature request: Signed releases #244
Labels
Comments
|
That'd be nice indeed. You don't want fake packages to go leak all your secrets xD |
|
Yes, I have thought about signed releases and will likely do this in the future. Although, I'm not sure how far in the future. It probably won't be in the next release. A signed package does not guarantee the source code from which it is compiled. But the concern is valid. I, too, am paranoid, and would expect signed releases in the future. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Would it be possible to have signed binary releases? Right now, if I want to get binaries that I know represent the code available at a given version, I have to pull from GitHub and compile the code myself.
GPG FTW.
The text was updated successfully, but these errors were encountered: