-
Notifications
You must be signed in to change notification settings - Fork 57
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
AppImageUpdate*.AppImage not signed #158
Comments
I'm having the same problem |
Yes it would look better if the tool updater was signed ;) (Apart from that i see several of other programs shows the same problem) |
Still not signed. |
Pull requests are welcome. This is a community based project entirely driven by volunteers (you). |
I believe that signing the appimage file requires getting access to the authors GPG key and making it available for downloaders to verify it, which contributors can't do, unless they have access to the private keys: https://docs.appimage.org/packaging-guide/optional/signatures.html |
If this is going to use GPG, you probably needn't bother. I've heard stats such as about 2% of people verify a GPG-signed piece of software. It's far too unwieldy and you get an assurance of limited value, given most of the time you have no way of confirming that a given key corresponds to a given person. It might be more useful to use the sigstore / cosign approach. Verifying an AppImage could then be a single step: |
AppImageUpdate-x86_64.AppImage
Details:
appimageupdatetool-x86_64.AppImage
Details:
The text was updated successfully, but these errors were encountered: