Feature #2962
fdroidserver to check gpg sig in git tags
| Status: | New | Start date: | 02/14/2014 | |
|---|---|---|---|---|
| Priority: | Normal | Due date: | ||
| Assignee: | - | % Done: | 0% | |
| Category: | - | |||
| Target version: | - | |||
| Component: |
Description
Git tags can be signed by OpenPGP using git tag -s v1.0. It should be possible to request fdroidserver to check those signatures when automatically updating based on git tags. I think this would be in the form of a new meta data field that lists valid keys for signing tags, i.e.:
Tag Signers: 374bbe81 DA731A17 12CA3765
History
#2 Updated by hans almost 4 years ago
- Target version changed from improved security/usability to 134
#3 Updated by hans over 2 years ago
- Target version deleted (
134)