Updating the public key for package verification #29
theBadT
announced in
Announcements
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hey folks,
Along the 2511 release we'll be exchanging the private key, used for signing apax packages, for all repositories within the GitHub organisation. Due to that, we'll be providing a new public key to be used inside the apax.yml for signature verification.
We're rotating the key to keep a certain level of confidence when consuming packages from the GHCR. NONE of the current or previous keys has been leaked though.
Regards,
Thomas
Beta Was this translation helpful? Give feedback.
All reactions