Am I the only person in the universe who verifies signatures for software source tarballs? This is the *second* time I've had to report this exact same ticket on the project: github.com/etcd-io/etcd/issues

Follow

And the fact that they're replacing PGP signatures with a tool whose README (a) has a big warning that it's alpha-quality and should not be used, and (b) says that it is not a suitable replacement for PGP signatures and should not be used as such... :sad_but_cool:

Sign in to participate in the conversation
Mastodon for Tech Folks

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!