docker-credential-helpers icon indicating copy to clipboard operation
docker-credential-helpers copied to clipboard
verified publisher icon docker

Sign releases, use correct file formats

Open TacticalCode opened this issue 7 years ago • 1 comments

Currently, I can't find any public signatures (or at least file integrity checksums) for release files. In 2018... C'mon guys! Even the Docker docs link here as the official release source, do you expect users to just throw random binaries from github onto their systems to handle login credentials?

Please use some form of signature to provide trust as well as file integrity.

Another issue I noticed with releases: The Linux tarball for v0.6.0 is not gzipped, although it has the ".gz" file extension.

TacticalCode avatar Jul 03 '18 10:07 TacticalCode

"In 2019, this repository has releases without checksums or signatures..."

natlibfi-arlehiko avatar Feb 11 '19 10:02 natlibfi-arlehiko