Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Improvement] Sign releases #726

Closed
Tracked by #664
justinmclean opened this issue Nov 12, 2023 · 0 comments · Fixed by #729
Closed
Tracked by #664

[Improvement] Sign releases #726

justinmclean opened this issue Nov 12, 2023 · 0 comments · Fixed by #729
Assignees
@justinmclean
Labels
improvement Improvements on everything

Comments

@justinmclean
Copy link
Member

What would you like to be improved?

Sign release so that they can be verified by users.

See:
https://github.com/ossf/scorecard/blob/49c0eed3a423f00c872b5c3c9f1bbca9e8aae799/docs/checks.md#signed-releases

How should we improve?

Create a process and documentation for signing and verifying releases.
@justinmclean justinmclean added the improvement Improvements on everything label Nov 12, 2023
@justinmclean justinmclean self-assigned this Nov 13, 2023
This was referenced Nov 13, 2023
Merged
Closed
jerryshao pushed a commit that referenced this issue Nov 16, 2023
@justinmclean
[#726] feat(doc): Add document on how to sign and verify releases (#729)
9634324 
### What changes were proposed in this pull request?

Add documentation on how to sign and verify a release.

### Why are the changes needed?

Signed releases are more trusted and a requirement for passing several
security checks.

Fix: #726

### Does this PR introduce _any_ user-facing change?

No

### How was this patch tested?

Tested shell commands on existing 0.2 release.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@justinmclean justinmclean

Labels
improvement Improvements on everything
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[#726] feat(doc): Add document on how to sign and verify releases justinmclean/gravitino_old
1 participant
@justinmclean