Thanks Anselm, this sounds awesome! Anselm R Garbe:
- (optional) repo owners/maintainers should sign their future git tags for release creation by using their own private PGP key.
I suggest distributing OpenPGP-keys via the keyserver pool [0] *without* self-hosting a copy. The point of keyservers is to allow faster distribution of changes like signatures, revocations, expirations - in an automated way [1, 2].
0. https://sks-keyservers.net/ 1. https://github.com/ilf/gpg-maintenance 2. https://github.com/EtiennePerot/parcimonie.sh -- ilf Über 80 Millionen Deutsche benutzen keine Konsole. Klick dich nicht weg! -- Eine Initiative des Bundesamtes für Tastaturbenutzung
signature.asc
Description: PGP signature