You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If you have several keys and you need to choose one, add a line like: GPGOPT="--default-key 2CF55E8890175AAA5332A60587435B0A61E3EB49"
Then at the end of the script
gpg $GPGOPT --detach-sign phpPgAdmin-$2.tar.bz2
gpg $GPGOPT --detach-sign phpPgAdmin-$2.tar.gz
gpg $GPGOPT --detach-sign phpPgAdmin-$2.zip
(by the way, the modern encryption algorithm is xz)
Publish somewhere the list of keys that can be trusted.
The text was updated successfully, but these errors were encountered:
It looks like you are using GPG since last tags where signed.
It would be great if you could sign your releases, so we don't have to trust Microsoft not to hack into the downloads.
You could add "--sign" to your git tag command, even if you have it in your defaults somewhere else.
Generate detached signature of your archives. One example is https://www.apache.org/dist/httpd/
If you have several keys and you need to choose one, add a line like: GPGOPT="--default-key 2CF55E8890175AAA5332A60587435B0A61E3EB49"
Then at the end of the script
gpg $GPGOPT --detach-sign phpPgAdmin-$2.tar.bz2
gpg $GPGOPT --detach-sign phpPgAdmin-$2.tar.gz
gpg $GPGOPT --detach-sign phpPgAdmin-$2.zip
(by the way, the modern encryption algorithm is xz)
The text was updated successfully, but these errors were encountered: