Meilisearch
Suggestion: sign releases #540
Locked
sbrl
started this conversation in
Feedback & Feature Proposal
Replies: 1 comment
-
|
Hello @sbrl thanks for the suggestion, I opened an issue in the Meilisearch repository since it concerns only the release on GitHub and not the Meilisearch product itself thanks for the suggestion! 😄 This discussion is replaced by meilisearch/meilisearch#2816 |
Beta Was this translation helpful? Give feedback.
0 replies
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
-
Signing releases on GitHub with GPG + SHA256 would give people the confidence that releases are both officially released by you and their downloads weren't corrupted - either accidentally or maliciously.
The general process for this would be to generate SHA256 hashes for your release files (e.g. using sha256sum), and then signing that generated list of sha256 hashes with GPG.
Beta Was this translation helpful? Give feedback.
All reactions