torus-cli icon indicating copy to clipboard operation
torus-cli copied to clipboard
verified publisher icon manifoldco

GPG Sign zips, rpms, debs

Open jbowes opened this issue 9 years ago • 2 comments

We should begin Signing the binary distributions posted to https://get.torus.sh, so their origin can be verified

jbowes avatar Nov 17 '16 15:11 jbowes

If a user has apt configured such that it relies on trusted repositories it will error when they attempt to install torus from our published repositories!

ianlivingstone avatar Oct 19 '17 14:10 ianlivingstone

A work around in the short term for apt is to use the --allow-unauthenticated, this is not ideal. Setting up proper release signing is high on our priority list!

ianlivingstone avatar Nov 02 '17 13:11 ianlivingstone