How to verify that the installation packages attached to the releases have been assembled from the source code #183

vladimiry · 2019-07-06T09:54:08Z

Attached to the releases installation packages get automatically assembled from the source code with the help of the Continuous Integration systems (CI). So it's a completely reproducible process, ie anyone can fork the project and independently build the installation packages from the source code using the same CI systems.
Releases include the publicly available links to the CI build logs.
Those logs include the hash sums of the prepared installation packages (hash sums printed at the end of the log).

vladimiry · 2019-07-08T10:32:26Z

Referencing with #146.

vladimiry · 2020-03-11T19:32:11Z

Printing hash-sums into the CI output log originally enabled in v2.0.0-beta.9.

vladimiry closed this as completed Jul 6, 2019

vladimiry mentioned this issue Jan 28, 2020

Sign installers attached to project's "releases" page #219

Open

vladimiry added a commit that referenced this issue Jul 16, 2020

prefer "sha256" hash to "sha1" #183

d6ab7c3

vladimiry added a commit that referenced this issue Jul 18, 2020

prefer "sha256" hash to "sha1" #183

70b1e90

vladimiry mentioned this issue Oct 16, 2020

Use DuckDuckGo's Image Proxy #312

Closed

vladimiry mentioned this issue Sep 7, 2021

Code Signing on macOS #436

Closed

Provide feedback