Feature #2962

fdroidserver to check gpg sig in git tags

Added by hans almost 4 years ago. Updated over 2 years ago.

Status:NewStart date:02/14/2014
Priority:NormalDue date:
Assignee:-% Done:

0%

Category:-
Target version:-
Component:

Description

Git tags can be signed by OpenPGP using git tag -s v1.0. It should be possible to request fdroidserver to check those signatures when automatically updating based on git tags. I think this would be in the form of a new meta data field that lists valid keys for signing tags, i.e.:

Tag Signers: 374bbe81 DA731A17 12CA3765

History

#2 Updated by hans almost 4 years ago

  • Target version changed from improved security/usability to 134

#3 Updated by hans over 2 years ago

  • Target version deleted (134)

Also available in: Atom PDF