mirror of
https://github.com/opencontainers/runc.git
synced 2026-07-10 21:53:57 +08:00
957bccfe2f
We need to make sure the release is being signed by a key that is actually listed as a trusted signing key, and we also need to ask the person cutting the release whether the list of trusted keys is acceptable. Also add some verification checks after a release is signed to make sure everything was signed with the correct keys. Signed-off-by: Aleksa Sarai <cyphar@cyphar.com>