by cpach 1320 days ago
Interesting question.

Some things to consider:

Linux and Rust use GnuPG to sign their releases. IMHO, Minisign would be better, but okay.

Both projects are very large. I wonder how they handle key distribution for the key pair that signs the release. Is the private key online or offline? How do they prevent the private key from leaking?