MantisBT - VCMI
View Issue Details
0001883VCMIOtherpublic2014-08-24 19:062014-08-31 16:28
0001883: could you GPG sign vcmi releases?
Would it be possible to sign source releases or release tags in the svn and/or git repository with a GPG key? It would then be possible to verify that the downloaded code is indeed the intended one by the developers and has not been tempered with.
No tags attached.
Issue History
2014-08-24 19:06joschNew Issue
2014-08-31 16:20IvanNote Added: 0004937
2014-08-31 16:28joschNote Added: 0004940

2014-08-31 16:20   
Possible although don't see much use from it. Will try to do this starting from next release (assuming that I won't forget about it)
2014-08-31 16:28   
Thank you for your consideration!

If you do end up signing your releases, then please put the detached signature in an easily discoverable path. For example if the tarball is at: [^]

then the ASCII armored detached signature could be put at: [^]