Please provide gpg armor files for release tarballs #5178
Labels
Comments
|
Maybe the simplest would be to add the sources to the APT repo (https://updates.signal.org/desktop/apt/), and everyone else could use the key that's already used there to check these sources. It would be nice to have a signed release on GH though. |
|
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions. |
|
Source tarballs should be signed for verification. This is still valid. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Could you please provide gpg .asc files for release tarballs? This way I could verify the source tarball is valid and trusted. (It is not only missing for signal-desktop, but also for its dependencies like zkgroup, libsignal-client, webrtc and ringrtc).
This is for https://build.opensuse.org/project/show/network:im:signal
See also https://en.opensuse.org/openSUSE:Package_source_verification
Thanks for considering!
The text was updated successfully, but these errors were encountered: