Skip to content

sign snapshots and nightly builds with a low trust buildbot key #13181

Closed
@thestinger

Description

@thestinger
Contributor

These should still be signed, even though a truly trusted key can't be used as there's no human involved in the process. With TLS alone, there's trust that every CA able to issue org certificates is not malicious/incompetent. It would be nice to have another way of verifying the authenticity of a snapshot, as we can with the release tarballs themselves.

Activity

thestinger

thestinger commented on Apr 1, 2014

@thestinger
ContributorAuthor

#13252 and #13254 replace this

added a commit that references this issue on Sep 13, 2022

Auto merge of rust-lang#13192 - lowr:fix/dyn-sort-all-bounds, r=Veykril

6dfd8ae
added a commit that references this issue on Aug 8, 2024

Auto merge of rust-lang#13181 - Alexendoo:implicit-hasher-suggestion,…

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

      Development

      No branches or pull requests

        Participants

        @thestinger

        Issue actions

          sign snapshots and nightly builds with a low trust buildbot key · Issue #13181 · rust-lang/rust