This repository has been archived by the owner on Apr 26, 2024. It is now read-only.
Signing releases #16556
Labels
X-Needs-Info
This issue is blocked awaiting information from the reporter
Comments
|
The debian packages are signed: https://matrix-org.github.io/synapse/latest/setup/installation.html#matrixorg-packages Can you provide more info about what sort of install you're using? |
clokep
added
the
X-Needs-Info
|
Is this basically #15994 ? |
|
Oh shoot, yes. Sorry, I did not mean to open a second issue (I actually completely forgot that I already did that). I'll go ahead and close since it's a duplicate. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Description:
Hello! I apologize if this is somewhere, but I cannot seem to find it if it exists. I would like to cryptographically verify the releases of matrix-synapse. I can see that the release-tagged commits are signed, but I cannot seem to find public information on which key(s) I should trust signatures from. Ideally, there would be a link in the readme to some web page on matrix.org listing a public key, and the tags are signed with that key. Even better if that same pgp key is used to sign everything (packages, release tags, etc.).
Thanks for the great work!
The text was updated successfully, but these errors were encountered: