This repository has been archived by the owner on May 30, 2023. It is now read-only.

Sign the releases with GnuPG #13019

Open

ariya opened this issue Feb 22, 2015 · 1 comment

Assignees

Labels

meta

Owner

ariya commented Feb 22, 2015

The source tarballs and binary downloads should be signed with GnuPG.

ariya self-assigned this

ariya mentioned this issue

please provide checksum files on Bitbucket #14440

Closed

ghost commented Dec 8, 2016

This is especially important, given that phantomjs.org is not served over HTTPS and PhantomJS cannot be built on older or low-end PCs. In other words: at the moment, prospective PhantomJS users with older or low-end PCs are forced to trust an un-signed binary downloaded over plain HTTP.

ariya added the meta label

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.