Am I the only person in the universe who verifies #PGP signatures for software source tarballs? This is the *second* time I've had to report this exact same ticket on the #etcd project: https://github.com/etcd-io/etcd/issues/11094
And the fact that they're replacing PGP signatures with a tool whose README (a) has a big warning that it's alpha-quality and should not be used, and (b) says that it is not a suitable replacement for PGP signatures and should not be used as such...
@roguelazer My package manager does it automatically for me.
The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!