Feature #2962
fdroidserver to check gpg sig in git tags
Status: | New | Start date: | 02/14/2014 | |
---|---|---|---|---|
Priority: | Normal | Due date: | ||
Assignee: | - | % Done: | 0% | |
Category: | - | |||
Target version: | - | |||
Component: |
Description
Git tags can be signed by OpenPGP using git tag -s v1.0
. It should be possible to request fdroidserver
to check those signatures when automatically updating based on git tags. I think this would be in the form of a new meta data field that lists valid keys for signing tags, i.e.:
Tag Signers: 374bbe81 DA731A17 12CA3765
History
#2 Updated by hans almost 4 years ago
- Target version changed from improved security/usability to 134
#3 Updated by hans over 2 years ago
- Target version deleted (
134)