Feature Request: Release package signing · open-source-parsers/jsoncpp#550

(1 留言) (1 反應) (0 負責人)C++ (7,542 star) (2,602 fork)batch import

enhancementhelp wanted

描述

Hello, There is currently no way to verify the complete integrity of releases. Please consider signing your releases so that package maintainers can verify the sources prior to packaging.

See here for how-to and complete details: https://wiki.debian.org/Creating%20signed%20GitHub%20releases

Thank you

貢獻者指南

技術棧: cpp
領域: securityrelease
議題類型: feature
難度: 3
預計時間: 1-2 days
活動狀態: stale
清晰度: clear
前置要求: familiarity with GPGknowledge of GitHub releases
新手友善度: 35
研究方向: Investigate how to implement release signing for this project. Review the Debian wiki link provided in the issue for guidance on creating signed GitHub releases. Check if there are any existing discussions or related issues in the repository. Look at the project's release workflow and CI configuration to determine where signing can be integrated. The single comment may contain additional hints.