Start publishing signature files for binaryen artifacts

# Request
Start publishing armored signature files for binaryen artifacts. E.g. for `binaryen-version_118-aarch64-linux.tar.gz` add `binaryen-version_118-aarch64-linux.tar.gz.asc` file so that the origin of this artchives can be validated.

# Reasoning

Today releases for binaryen ship as tar.gz archives (e.g. binaryen-version_118-aarch64-linux.tar.gz). Kotlin Gradle Plugin uses binaryen for javascript multiplatform targets. It fetches these files from `https://github.com/WebAssembly/binaryen/releases/download`. Sadly, users that use [Gradle signature verification](https://docs.gradle.org/current/userguide/dependency_verification.html#sec:signature-verification) have to allowlist `binaryen` artifacts because they are missing `.asc` signature files. Validating signatures allow consumers of `binaryen` to know they are getting artifacts from an expected source.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Start publishing signature files for binaryen artifacts #6783

Request

Reasoning

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Start publishing signature files for binaryen artifacts #6783

Description

Request

Reasoning

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions