Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Signed-Releases: really look for *.sign files (#1298)
With this patch applied projects like dracut pass the check: ``` "checks": [ { "details": [ "Debug: GitHub release found: 055", "Info: signed release artifact: dracut-055.tar.sign: https://api.github.com/repos/dracutdevs/dracut/releases/assets/37635937", "Debug: GitHub release found: 054", "Info: signed release artifact: dracut-054.tar.sign: https://api.github.com/repos/dracutdevs/dracut/releases/assets/36958052", "Debug: GitHub release found: 053", "Info: signed release artifact: dracut-053.tar.sign: https://api.github.com/repos/dracutdevs/dracut/releases/assets/32484038", "Debug: GitHub release found: 052", "Info: signed release artifact: dracut-052.tar.sign: https://api.github.com/repos/dracutdevs/dracut/releases/assets/32130796", "Debug: GitHub release found: 051", "Info: signed release artifact: dracut-051.tar.sign: https://api.github.com/repos/dracutdevs/dracut/releases/assets/31933850" ], "score": 10, "reason": "5 out of 5 artifacts are signed -- score normalized to 10", "name": "Signed-Releases", ```
- Loading branch information