Latest release 2.1.0 not GPG signed

I package stuff for distros, in this case I'm the maintainer for the [mattermost](https://archlinux.org/packages/extra/x86_64/mattermost/) and [mattermost-desktop](https://archlinux.org/packages/extra/x86_64/mattermost-desktop/) packages in official Arch Linux repositories and keep a recipe for [this plugin](https://aur.archlinux.org/packages/mattermost-plugin-jitsi) [and others](https://aur.archlinux.org/packages?SeB=nd&K=mattermost-plugin&&SB=p&SO=d&PP=50&submit=Go) packaged in the AUR.

Previous [releases](https://github.com/mattermost-community/mattermost-plugin-jitsi/releases) have had the assembled artifact bundle GPG signed by a known party. The [latest release](https://github.com/mattermost-community/mattermost-plugin-jitsi/releases/tag/v2.1.0) has an unsigned artifact.

If this is an oversight can I request that it get signed so we don't have an unexplained laps in security/custody attestation? If signing assets is not going do be done could somebody with access to the previously used sigining key make a signed note to that effect? The key previously used was `C55881B80F69E863B85AD5D1D1B54B47A5CEFEC4` identifying as *Mattermost, Inc. <support@mattermost.com>*.

Thanks.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Latest release 2.1.0 not GPG signed #270

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Latest release 2.1.0 not GPG signed #270

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions