But, looking at:
https://github.com/MoonchildProductions/Pale-Moon/tags
I don't see that any tags are PGP signed.
A feature that I for one, and I'm sure other users who are aware of the protection that PGP-signing gives against MiTM attacks, sorely miss.
I see, from among the 76 contributors, the one whose brainchild the project of Pale Moon is (or if I'm allowed to call it in one word: Palemoon), has a few keys (and I'm glad it likely reveals the man of the Palemoon fame
)...that the main developer [as likely this is him] has his keys listed:
https://sks-keyservers.net/pks/lookup?o ... =wolfbeast
If I'm correct that the tags are not signed, will you please consider starting to sign them in the future?
If I am not right, and Palemoon tagged releases are PGP-signed, how come I don't see the tags, such as here it says that they should show:
https://help.github.com/articles/checki ... on-status/
(
If they should show, but also other users who read here can't see them, I can open an issue at:
https://github.com/MoonchildProductions ... oon/issues
)
Sincere regards!
Note: The only other topic related to PGP-signing I found at:
GPG/PGP Key for trava90
viewtopic.php?f=37&t=10161
but neither could I see any tags, or commits, verifiable at:
https://github.com/MoonchildProductions ... -installer
(
which I do not directly use, I use Gentoo Overlay unofficial:
https://github.com/deuiore/palemoon-overlay
which uses
https://github.com/MoonchildProductions/Pale-Moon/ repo and git packs from it for installation, but neither is the palemoon-overlay PGP-signed --TBH, nothing in Gentoo git is signed for users' verification...
)
