You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I was wondering if it's possible to add an signature to the downloads, so I can add the valid GPG key ID and the user downloading/installing the binaries can thus verify automatically that the files are valid.
Context
AUR packages are “just” the instructions which files the user needs to fetch and have either a checksum or a GPG key ID – instead of a prebundled binary package which just needs to be extracted, like a .deb, .rpm, .pkg.tar.
If a GPG key ID is supplied, the AUR-helper (basically just an extended package manager), will fetch the GPG key from the key servers and check the files with it.
Possible implementation
No response
The text was updated successfully, but these errors were encountered:
Is there an existing issue for this?
Berty product
Desktop app
Feature request
Hey guys,
I'm the maintainer for the AUR packages for ArchLinux:
I was wondering if it's possible to add an signature to the downloads, so I can add the valid GPG key ID and the user downloading/installing the binaries can thus verify automatically that the files are valid.
Context
AUR packages are “just” the instructions which files the user needs to fetch and have either a checksum or a GPG key ID – instead of a prebundled binary package which just needs to be extracted, like a
.deb
,.rpm
,.pkg.tar
.If a GPG key ID is supplied, the AUR-helper (basically just an extended package manager), will fetch the GPG key from the key servers and check the files with it.
Possible implementation
No response
The text was updated successfully, but these errors were encountered: