OpenSSF Best Practices: Provide signatures for Zowe.org downloads #1763
Closed
Labels
community-issue
keep
Issues with this label will be ignored by the stale bot
priority-low
Legit issue but cosmetic or nice-to-have
Is your feature or enhancement request related to a problem or limitation? Please describe
The OpenSSF Best Practices Silver Badge requires that we publish cryptographic signatures for releases intended for widespread use along with instructions for verifying the signatures. Some of this infrastructure already exists in the Zowe jfrog repository, however signatures and signature instructions are only visible for the Zowe PAX file download.
Describe your enhancement idea
Zowe.org, managed by the Onboarding Squad, should be changed to show signature downloads and verification instructions for Zowe CLI similar to what is shown for the PAX file download. The CLI Squad should ensure that this change is implemented with reasonable urgency.
The text was updated successfully, but these errors were encountered: