Skip to content
This repository has been archived by the owner on May 30, 2023. It is now read-only.

Sign the releases with GnuPG #13019

Open
ariya opened this issue Feb 22, 2015 · 1 comment
Open

Sign the releases with GnuPG #13019

ariya opened this issue Feb 22, 2015 · 1 comment
Assignees
Labels

Comments

@ariya
Copy link
Owner

ariya commented Feb 22, 2015

The source tarballs and binary downloads should be signed with GnuPG.

@ghost
Copy link

ghost commented Dec 8, 2016

This is especially important, given that phantomjs.org is not served over HTTPS and PhantomJS cannot be built on older or low-end PCs. In other words: at the moment, prospective PhantomJS users with older or low-end PCs are forced to trust an un-signed binary downloaded over plain HTTP.

@ariya ariya added the meta label Mar 3, 2018
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Development

No branches or pull requests

1 participant