message no. 106703
Posted by nico103 in #github at 2015-08-09T23:55:51Z
my approach is likely to be this: first include author/signer pubkeys in the main repo, then make the release, including a signature of it, and finally, include a file in the main repo that includes the hashes of all the released artifacts