You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It is good practice in open source projects to publish cryptographic signatures alongside the tarball source releases, so that e.g. Linux distributions and other downstreams can use OpenPGP to verify the authenticity of the imported release.
Thanks for continued work on xclip and hopefully there will be a new release in 2025!
This project uses rich releases at https://github.com/astrand/xclip/releases. Could you please consider also offering signatures?
It is good practice in open source projects to publish cryptographic signatures alongside the tarball source releases, so that e.g. Linux distributions and other downstreams can use OpenPGP to verify the authenticity of the imported release.
This is not a hard requirement, just nice to have. Managing OpenPGP keys securely requires some effort. A good guide on the topic can be found at https://github.com/lfit/itpol/blob/master/protecting-code-integrity.md/
The text was updated successfully, but these errors were encountered: