Finish signing phar file
tvbeek opened this issue
- PHPMD version: 2.13.0
- PHP Version: -
- Installation type: phive
- Operating System / Distribution & Version: All
The phar file isn't signed yet because of the missing secrets:
PASSPHRASE:
SECRET_KEY:
Done
@ravage84 thanks for signing. Can you communicate the correct public key somewhere? Otherwise we might just have to accept any key on first contact and that is no better than having unsigned packages (it just means that somebody signed this blob).
Maybe a note in the README and/or the download page that "the phar is signed with this key ..."
It seems the key currently in use is E7A7 4510 2ECC 980F 7338 B307 9093 F8B3 2E48 15AA. Is that correct?
Yes, you can check it matches here:
https://github.com/phpmd/phpmd/actions/runs/6339367263/job/17218343327#step:10:16
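Added example, not part of the thread and not PHPMD project code: the difference between "somebody signed this blob" and "the published key signed it", shown as a check of gpg's machine-readable status output against the fingerprint quoted above. The function names, the sample status lines and the second fingerprint are constructed for illustration.

```python
import re

# Fingerprint quoted in this thread for the key that signs the PHPMD phar.
PINNED_FPR = "E7A7 4510 2ECC 980F 7338 B307 9093 F8B3 2E48 15AA"

def normalize(fpr):
    """Drop spaces/colons, upper-case, and insist on a full 40-hex-digit fingerprint."""
    compact = re.sub(r"[\s:]", "", fpr).upper()
    if not re.fullmatch(r"[0-9A-F]{40}", compact):
        raise ValueError("expected a full 40-hex-digit fingerprint, not a short key ID")
    return compact

def signed_by_pinned_key(status_output, pinned=PINNED_FPR):
    """True only if gpg emitted VALIDSIG for the pinned key.

    status_output is what `gpg --status-fd 1 --verify <sig> <file>` prints.
    In a VALIDSIG line the first field after the keyword is the fingerprint of
    the key that made the signature; the last field is the primary key's.
    """
    want = normalize(pinned)
    for line in status_output.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[:2] == ["[GNUPG:]", "VALIDSIG"]:
            if want in (parts[2].upper(), parts[-1].upper()):
                return True
    return False

# Constructed status output (dates and the second fingerprint are made up).
PINNED_RUN = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 9093F8B32E4815AA Constructed Signer <signer@example.invalid>
[GNUPG:] VALIDSIG E7A745102ECC980F7338B3079093F8B32E4815AA 2023-09-28 1695859200 0 4 0 1 10 00 E7A745102ECC980F7338B3079093F8B32E4815AA
"""
# A cryptographically valid signature, but from a key nobody vouched for.
OTHER_KEY_RUN = """\
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 89ABCDEF01234567 Someone Else <other@example.invalid>
[GNUPG:] VALIDSIG 0123456789ABCDEF0123456789ABCDEF01234567 2023-09-28 1695859200 0 4 0 1 10 00 0123456789ABCDEF0123456789ABCDEF01234567
"""
# Right key ID, but the data does not match the signature: no VALIDSIG line.
BAD_RUN = "[GNUPG:] NEWSIG\n[GNUPG:] BADSIG 9093F8B32E4815AA Constructed Signer <signer@example.invalid>\n"

if __name__ == "__main__":
    for name, run in [("pinned", PINNED_RUN), ("other key", OTHER_KEY_RUN), ("bad sig", BAD_RUN)]:
        print(f"{name}: accept={signed_by_pinned_key(run)}")
```

Only the first run is accepted; the second is the trust-on-first-use case from the comment above, where gpg reports a good signature from a key the verifier has no reason to trust.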
@lucc All the keys available can be found here: