-
Notifications
You must be signed in to change notification settings - Fork 14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Request: GPG-sign releases or commits #12
Comments
I have no idea of how to do this. Is there a guide somewhere? Do the signatures have to be in some special place or something like that? What about the key? |
# key is the same hex string that you used in `git config --global user.signingkey <key>`
key=<key>
gpg --send-keys --keyserver hkps://keys.openpgp.org $key
gpg --send-keys --keyserver hkps://keyserver.ubuntu.com $key
|
Thank you for the guide. I think this should be done. Let me know if not. |
Done, indeed. Thank you! |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
While packaging trustedcoin for nix-bitcoin, where we use signature checking for all package releases, I noticed that trustedcoin provides no signatures at all.
Could you add sigs? This would remove Github as a trusted party for distributing trustedcoin.
(Yes, it's slightly amusing to request this for a package like trustedcoin.)
The text was updated successfully, but these errors were encountered: