You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Fabien published today a very interesting article: Signing Project Releases. Is this something that we should mention in the official Symfony documentation?
If you agree, here it is my initial proposal:
Add a very short note on the installation chapter about the possibility of checking Symfony signatures (this note is just a link to the content described bellow).
Add a new cookbook under the Security section about checking the Symfony signature. This would be a very short version of the original Fabien's article. We won't explain anything in detail. We would just explain how to securely check the signature of Symfony releases whether you use the raw source code from GitHub or the Composer version.