Skip to main content

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [List Home]
[cbi-dev] PGP and p2 signature strategy

Hi all,

Here is a document that describes the strategy that has been implemented to allow PGP signatures as a valid replacement to jarsigner to ensure installed artifacts comes from trusted sources: https://docs.google.com/document/d/1dl10ia092X5hN1qfKoHYvriCNM-iBqiOkfjnntxaBbk/edit?usp=sharing

Feedback welcome!

--
Mickael Istria
Eclipse IDE developer, for Red Hat Developers

Back to the top