rust-teos icon indicating copy to clipboard operation
rust-teos copied to clipboard

Published 20 hours ago verified publisher icon talaia-labs

Do Not trust verify

Open fbrz76 opened this issue 1 year ago • 5 comments

Pls, to avoid using bad source code, how to verify downloaded source code to build is that released?

fbrz76 avatar Aug 12 '23 09:08 fbrz76

Pls, to avoid using bad source code, how to verify downloaded source code to build is that released?

Could you please elaborate on what you are trying to achieve? This will help me guide you more effectively.

anipaul2 avatar Aug 12 '23 11:08 anipaul2

Sure, i refer to something like that: https://raspibolt.org/guide/bitcoin/electrum-server.html#build-from-source-code In second section when about to verify the signature.

fbrz76 avatar Aug 13 '23 17:08 fbrz76

I agree, this would be a really nice feature to have :)

orbitalturtle avatar Aug 16 '23 02:08 orbitalturtle

some additional reference I found in GitHub to sign a commit:

https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits

https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification

d6n13l0l1v3r avatar Oct 24 '23 13:10 d6n13l0l1v3r

some additional reference I found in GitHub to sign a commit:

https://docs.github.com/en/authentication/managing-commit-signature-verification/signing-commits

https://docs.github.com/en/authentication/managing-commit-signature-verification/about-commit-signature-verification

All commits need to be signed in order for PR to be merged in the repo. I think what the OP refers to is for the releases to be signed so we don't have to trust GH

sr-gi avatar Oct 24 '23 14:10 sr-gi