giuspen left a comment (geany/www.geany.org#56) I think the code signing policy is ok, note that I added also Enrico, Colomban and Jiri as admins and also approvers but you can leave only my name there for now if you prefer. Note that when a build reaches the signing part I receive an email and theoretically you should too and one is enough to approve and let the workflow add the signature. I noticed that other projects using SignPath didn't even bother to write the approver(s) even though it's in the requirements. About Colomban point I remember you discussed to release also the unsigned at the beginning, personally I found the experience with them quite professional and I thought it's not in their interest to compromise their reputation tampering with the binaries.
-- Reply to this email directly or view it on GitHub: https://github.com/geany/www.geany.org/pull/56#issuecomment-3070646830 You are receiving this because you are subscribed to this thread. Message ID: <geany/www.geany.org/pull/56/[email protected]>
