Provide signed sources for releases
PolarianDev opened this issue
Polarian commented
Description
Hello,
For future releases, could you provide signed sources for authenticity? GitHub can republish sources at any time. It allows packagers to ensure the tarball they downloaded was what the developer released, and has not been modified.
Should be as simple as uploading a detached signature of the tarball GitHub makes.
Thank you,
Polarian
Denis Arnst commented
Thank you for the suggestion. I think that's a good point and will do so in future releases. Will also sign future commits.
Denis Arnst commented
Latest release includes signed sources