99ba272822
Due to a misunderstanding of how the gpg command line options work, we didn't actually create detached signatures because the --clear-sign flag would overwrite that. We update our verification script to now only download the detached signatures and verify them against the main manifest file. We also update the signing instructions. |
||
---|---|---|
.. | ||
docker.yml | ||
main.yml | ||
release.yaml |