Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Sign Github releases #5317

Open
1 task
jficz opened this issue Feb 12, 2025 · 0 comments
Open
1 task

Sign Github releases #5317

jficz opened this issue Feb 12, 2025 · 0 comments
Labels
feature New functionality/enhancement security

Comments

@jficz
Copy link

jficz commented Feb 12, 2025

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request. Searching for pre-existing feature requests helps us consolidate datapoints for identical requirements into a single place, thank you!
  • Please do not leave "+1" or other comments that do not add relevant new information or questions, they generate extra noise for issue followers and do not help prioritize the request.
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment.

Describe the user story
As in #5157 but for the Github binary releases. The checksums file is better than nothing but since it comes from the same source, it is susceptible to MitM.

Describe the solution you'd like

The binary release should be signed with GPG and a signature file provided along with it.

@jficz jficz added the feature New functionality/enhancement label Feb 12, 2025
@dosubot dosubot bot added the security label Feb 12, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
feature New functionality/enhancement security
Projects
None yet
Development

No branches or pull requests

1 participant