Please sign commits and releases
jonathancross opened this issue
Would be great if @jaspervdm (and others working on this) could use an OpenPGP key to sign git commits and releases. This way we can nearly eliminate the need to trust GitHub.com and make it much harder for a third-party attacker to inject malicious code undetected just by getting access to the GitHub account.
I'd be happy to advise / help answer any questions you might have.
PS: Very excited about this project and the potential of x-chain atomic swaps, thanks!
I started doing this a few months ago, thanks for the suggestion!
Thanks @jaspervdm. Would be great if you could also sign the binaries as is done in Electrum (or sign a SHA256 checksum of binaries as is done in Bitcoin, Monero, etc.).
Thanks!