From 89148e8214803ea78c20ae666e8a967dd0eb9acf Mon Sep 17 00:00:00 2001 From: root Date: Sun, 16 Jul 2023 18:38:54 -0400 Subject: [PATCH] Clarify bogus PGP signing of Gitea binary downloads --- roles/gitea/tasks/install.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/gitea/tasks/install.yml b/roles/gitea/tasks/install.yml index 592e148f3..957da4822 100644 --- a/roles/gitea/tasks/install.yml +++ b/roles/gitea/tasks/install.yml @@ -61,7 +61,7 @@ dest: "{{ gitea_checksum_path }}" timeout: "{{ download_timeout }}" -- name: Verify Gitea binary with GPG signature +- name: Verify Gitea binary with GPG signature ("BAD signature" FALSE ALARMS continue as of 2023-07-16, despite their claims at https://docs.gitea.com/installation/install-from-binary#verify-gpg-signature) shell: | gpg --keyserver keys.openpgp.org --recv {{ gitea_gpg_key }} gpg --verify {{ gitea_checksum_path }} {{ gitea_install_path }}