BackwardCompatibilityCheck

Sign PHAR

Open sebastianbergmann opened this issue 5 years ago • 5 comments

Because the PHP Archives (PHARs) of this tool are currently not signed, the --force-accept-unsigned option is required when using Phive to install/update this tool.

Please consider signing the PHP Archives (PHARs) of this tool with a GPG key and publishing that signature alongside the signed PHAR so that --force-accept-unsigned is not required when using Phive.

Thank you!

sebastianbergmann, Jun 15 '20 15:06

Possibly feasible once we move to GitHub Actions, and then we can use an organization secret to store a GPG signing (sub-)key

Ocramius, Jun 15 '20 15:06
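
The signing step requested in this issue and the matching consumer-side check, as an added shell example that is not part of the thread or of the project's release tooling. The function names, the `.asc` file name and the fingerprint pin are assumptions.

```shell
#!/bin/sh
# Added example: detached GPG signature for a release PHAR, plus the check
# a consumer would run. File names and arguments are assumptions.

# sign_phar PHAR KEY: write PHAR.asc (ASCII-armored detached signature).
# KEY is a key id or fingerprint present in the current GNUPGHOME.
sign_phar() {
    phar=$1 key=$2
    [ -f "$phar" ] || { echo "missing: $phar" >&2; return 2; }
    gpg --batch --yes --local-user "$key" --armor \
        --output "$phar.asc" --detach-sign "$phar"
}

# verify_phar PHAR FPR: succeed only if PHAR.asc is a good signature over
# PHAR and the signing key belongs to the primary key with fingerprint FPR.
verify_phar() {
    phar=$1 want=$2
    [ -f "$phar.asc" ] || { echo "unsigned: $phar" >&2; return 3; }
    # --status-fd gives machine-readable results; a bad signature makes
    # gpg exit non-zero, which is reported as 1.
    status=$(gpg --batch --status-fd 1 --verify "$phar.asc" "$phar" \
        2>/dev/null) || return 1
    # VALIDSIG's last field is the primary key fingerprint, so a signature
    # made with a signing subkey still matches the published fingerprint.
    got=$(printf '%s\n' "$status" | awk '$2 == "VALIDSIG" { print $NF; exit }')
    [ -n "$got" ] && [ "$got" = "$want" ]
}
```

Pinning the primary key fingerprint lets the signing subkey be rotated or revoked without changing what consumers trust.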

Thank you for considering this!

sebastianbergmann, Jun 15 '20 15:06

The 5.0.0 release does not have a PHAR (yet). Will one be published? Thanks!

sebastianbergmann, Jun 23 '20 05:06

Guess something broke (AGAIN) in the Travis publishing logic.

Ocramius, Jun 23 '20 07:06

@sebastianbergmann for now, I attached a manually built PHAR to the release @ https://github.com/Roave/BackwardCompatibilityCheck/releases/tag/5.0.0

Ocramius, Jun 23 '20 11:06