This repository has been archived by the owner on Dec 1, 2018. It is now read-only.
GPG signed snapshots? #45
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Given the security focus, signed snapshots seems like it would make sense? The hashes on the website only provide a modicum of security, without a root trust anchor.
The text was updated successfully, but these errors were encountered: