revanced-api icon indicating copy to clipboard operation
revanced-api copied to clipboard
verified publisher icon ReVanced

feat: Support Attestation Provenance as signature download

Open validcube opened this issue 1 year ago • 2 comments

Feature description

In addition to listing .asc file, the API should also list the provenance for supported repository.

Motivation

Provide an alternative way to verify without using .asc, subjective but the security is as secure if not better than .asc so this can benefit our user as well.

Acknowledgements

  • [x] I have checked all open and closed feature requests and this is not a duplicate
  • [x] I have chosen an appropriate title.
  • [x] All requested information has been provided properly.

validcube avatar Nov 30 '24 19:11 validcube

Provenance makes sense if the frontend should be aware of what the API serves has a source code. What if we implement a backend that consumes closed source files from an FTP server?

oSumAtrIX avatar Nov 30 '24 19:11 oSumAtrIX

I guess it can be nullable. What are the docs for GitHub?

oSumAtrIX avatar Jul 11 '25 14:07 oSumAtrIX