You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Since 0.10.1, Zig releases have been cryptographically signed using https://jedisct1.github.io/minisign/ which I believe is compatible with OpenBSD's signify and the various ports to other systems. The public key, which you can find at either https://github.com/ziglang/zig/releases/tag/0.11.0 or https://github.com/ziglang/zig/releases/tag/0.10.1, is RWSGOq2NVecA2UPNdBUZykf1CCb147pkmdtYxgb3Ti+JO/wCYvhbAb/U. I am not sure if any other asdf plugin has already implemented minisign / signify support yet. I do not recall any "standard" location for the public keys to go, so maybe something asdf-specific, like how we store PGP public keys, in a private, plugin-specific keyring.
Expected Behaviour
Some additional assurance that the binaries downloaded are not tampered with.
The text was updated successfully, but these errors were encountered:
Provide environment information
To Reproduce
N/A
Describe the Bug
Since
0.10.1, Zig releases have been cryptographically signed using https://jedisct1.github.io/minisign/ which I believe is compatible with OpenBSD'ssignifyand the various ports to other systems. The public key, which you can find at either https://github.com/ziglang/zig/releases/tag/0.11.0 or https://github.com/ziglang/zig/releases/tag/0.10.1, isRWSGOq2NVecA2UPNdBUZykf1CCb147pkmdtYxgb3Ti+JO/wCYvhbAb/U. I am not sure if any other asdf plugin has already implementedminisign/signifysupport yet. I do not recall any "standard" location for the public keys to go, so maybe something asdf-specific, like how we store PGP public keys, in a private, plugin-specific keyring.Expected Behaviour
Some additional assurance that the binaries downloaded are not tampered with.
The text was updated successfully, but these errors were encountered: