I believe that you can also embed the key in the Release file with that commit, though I've not checked yet.

This allows TOFU by allowing unathenticated repos during first update; and future updates using keys in release files.

It would also allow repositories to rotate keys if users don't specify signed-by in sources files.

Β· Β· Web Β· 1 Β· 0 Β· 0

@Conan_Kudo that worked since a couple years already. Have to be local absolute paths, though.

Sign in to participate in the conversation

Server run by the main developers of the project 🐘 It is not focused on any particular niche interest - everyone is welcome as long as you follow our code of conduct!