Am I the only person in the universe who verifies signatures for software source tarballs? This is the *second* time I've had to report this exact same ticket on the project: github.com/etcd-io/etcd/issues

And the fact that they're replacing PGP signatures with a tool whose README (a) has a big warning that it's alpha-quality and should not be used, and (b) says that it is not a suitable replacement for PGP signatures and should not be used as such... :sad_but_cool:

Show thread
Follow

@roguelazer My package manager does it automatically for me.

Sign in to participate in the conversation
Mastodon for Tech Folks

This Mastodon instance is for people interested in technology. Discussions aren't limited to technology, because tech folks shouldn't be limited to technology either!