New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

How can I verify the integrity of Cutter? #666

Open
jamieweb opened this Issue Sep 1, 2018 · 4 comments

Comments

Projects
None yet
3 participants
@jamieweb

jamieweb commented Sep 1, 2018

Is there somewhere that I can get GPG signatures of the releases, or even just plain hashes? Signed commits also don't seem to be used.

@xarkes

This comment has been minimized.

Member

xarkes commented Sep 1, 2018

Hi,
While that's important no one here took the time to sign the releases.
We will do it eventually, or you can help us do that through a pull request.

@xarkes xarkes added the question label Sep 1, 2018

@xarkes

This comment has been minimized.

Member

xarkes commented Sep 1, 2018

About signed commits, I guess it shouldn't be an issue to sign them.

@jamieweb

This comment has been minimized.

jamieweb commented Sep 1, 2018

Yeah it looks like you're already signing your commits, but a lot of the other contributors aren't. Maybe mandatory commit signing would be the way to go for now?

@pelijah

This comment has been minimized.

Contributor

pelijah commented Sep 21, 2018

Commit signing? Why?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment