Am I the only person in the universe who verifies #PGP signatures for software source tarballs? This is the *second* time I've had to report this exact same ticket on the #etcd project: https://github.com/etcd-io/etcd/issues/11094
And the fact that they're replacing PGP signatures with a tool whose README (a) has a big warning that it's alpha-quality and should not be used, and (b) says that it is not a suitable replacement for PGP signatures and should not be used as such...
@roguelazer My package manager does it automatically for me.
This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!