Signed commits/tags/tarballs

[shibumi]

Hello,
I am the maintainer of the arch linux package. It would be super nice if you could sign your commits/tags and your tarballs via GPG for reliable secure releases.

How you do this is explained here:

https://help.github.com/articles/signing-commits-using-gpg/
https://wiki.debian.org/Creating%20signed%20GitHub%20releases

tarballs are not so important for me. I would be happy with signed commits and tags.

[shibumi]

Hi,
Any update in this direction? It would be really nice to have releases that are provable secure.

[github-actions]

This issue has been marked as stale because it has not had recent activity. The bot will close the issue if no further action occurs.

[LKaemmerling]

We are currently working on overhauling the release process for the hcloud cli. With the next release, we will have signed binaries, releases and archives.

[shibumi]

@LKaemmerling can we leave this open, until you fixed this?