external/secretive
1
0
Fork 0
mirror of https://github.com/maxgoedjen/secretive.git synced 2025-09-20 03:10:57 +00:00
Code Issues Projects Releases Wiki Activity

Update README to clarify build process and attestations

Browse Source
This commit is contained in:
Max Goedjen 2025-08-23 15:06:08 -07:00 committed by GitHub
parent 5a63313d0f
commit 3578ca6ad0
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 1 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
README.md
View File

@ -49,10 +49,7 @@ There's a [FAQ here](FAQ.md).
### Auditable Build Process ### Auditable Build Process
Builds are produced by GitHub Actions with an auditable build and release generation process. Builds are produced by GitHub Actions with an auditable build and release generation process. Starting with Secretive 3.0, builds are attested using [GitHub Artifact Attestation](https://docs.github.com/en/actions/concepts/security/artifact-attestations). Attestations are viewable in the build log for a build, and also on the [main attestation page](https://github.com/maxgoedjen/secretive/attestations).
#### Attestated Releases
Starting with Secretive 3.0, builds are attestd using [GitHub Artifact Attestation](https://docs.github.com/en/actions/concepts/security/artifact-attestations). Attestations are viewable in the build log for a build, and also on the [main attestation page](https://github.com/maxgoedjen/secretive/attestations).
### A Note Around Code Signing and Keychains ### A Note Around Code Signing and Keychains