15.7 is not signed
dvzrv opened this issue · comments
David Runge commented
Hi! I package shim for Arch Linux.
To ensure the chain of trust between releases, I check the signatures made for the respective tags. @vathpela it seems you forgot to sign 15.7.
Please make sure to continue signing the releases (also see #304), as shim is central to the secure boot setup on many downstream distributions.
Robbie Harwood commented
Fixed
Julian Andres Klode commented
Tarballs probably should have detached signatures, but at least you can now reproduce them with make test-archive
:)