gpg signature to verified the code after its release #7
Comments
|
Here are easy to follow docs: https://wiki.debian.org/Creating%20signed%20GitHub%20releases |
|
Sorry for missing this, let me see what I can do. |
|
https://github.com/eikenb/terminal-colors/releases/tag/v3.0.1 Easy enough. Does that do it? |
|
You need to add the GnuPG key Step 6 on https://wiki.debian.org/Creating%20signed%20GitHub%20releases gpg --armor --detach-sign mysoftware-0.4.tar.gz |
|
Sorry for the long delay. I'll try to get this done soon. |
|
Ok, done. I used my GPG key that is registered here on github. Let me know if this doesn't do it. Thanks for your patience. |
|
I don't know what "my GPG key here on github" means. Can you state your key ID so we can store it downstream in debian/upstream/signing-key.asc and use it to authenticate all future releases, thanks! |
|
@eikenb What key did you use to sign? |
|
Sigh. Sorry for the continuing pain. Re-reading the instructions I see the GPG key is required to be uploaded to a public server. I've done this before in the past (long time ago) and it was never useful so I stopped worrying about it. |
Hi
Is possible you provide me the gpg signature for the project?
https://lintian.debian.org/tags/debian-watch-does-not-check-gpg-signature.html
Is a way of verifying that no third party has modified the code after its release
The text was updated successfully, but these errors were encountered: