diff options
| author | saturneric <[email protected]> | 2025-06-12 05:21:42 +0000 |
|---|---|---|
| committer | saturneric <[email protected]> | 2025-06-12 05:21:42 +0000 |
| commit | 1b8c13f7931dead6ce6a5978e9fa1979745c618c (patch) | |
| tree | da10a75a2ce7b6b2a60539709adfba588430407c | |
| parent | docs(index): update landing page content and features (diff) | |
| download | Manual-1b8c13f7931dead6ce6a5978e9fa1979745c618c.tar.gz Manual-1b8c13f7931dead6ce6a5978e9fa1979745c618c.zip | |
docs(appendix): restructure binary verification documentation
- change section headings from ### to ## for consistency
- remove third-party library assurance section
- simplify binary verification instructions
- consolidate build info and public key sections
- update key fingerprint and public key block
- make language more concise and direct
| -rw-r--r-- | src/content/docs/appendix/code-binary-verify.md | 37 |
1 files changed, 7 insertions, 30 deletions
diff --git a/src/content/docs/appendix/code-binary-verify.md b/src/content/docs/appendix/code-binary-verify.md index 643e835..c585449 100644 --- a/src/content/docs/appendix/code-binary-verify.md +++ b/src/content/docs/appendix/code-binary-verify.md @@ -8,7 +8,7 @@ integrity of code and executable files. The process outlined below aims to fortify trust in software distribution by leveraging digital signatures and secure, automated build processes. -### Automated Build Process +## Automated Build Process Our software leverages **GitHub Actions** for automated compilations, ensuring that every binary file version released is directly compiled from the source @@ -18,55 +18,32 @@ interference. The exact commands and environment configurations used during the compilation are documented within the project's `.github/workflow/release.yml` file, allowing for full accountability and reproducibility. -### Third-Party Library Assurance +## Binary File Verification -To uphold our commitment to security, we do not include GnuPG in our major -releases and strictly avoid insecure or proprietary third-party libraries. -Instead, we only utilize third-party libraries that are open-source and have -been compiled from publicly accessible code repositories. This practice ensures -that our software remains secure and trustworthy. - -### Code Verification - -We encourage users to review our code to ensure its integrity and security. The -code for all releases is available on our GitHub repository. For any inquiries -or concerns, please feel free to contact us directly. Most new git commits are -signed with a designated key, which is also used for Git operations: `Saturneric -<[email protected]>`. This commitment to transparency allows users to verify the -authenticity of our code easily. - -#### Key Fingerprint - -``` -E3379489C39B7270E70E2E303AAF1C64137CEE57 -``` - -### Binary File Verification - -From version 1.0.5 onwards, we sign our packages containing the binary +From version 1.0.5 onwards, I sign our packages containing the binary executable files with a GPG key to further ensure security. Each package is accompanied by a signature file in the release section (with a `.sig` suffix), allowing users to verify the package before use using standard GPG tools. -#### About Interface Verification +## Build Info Verification Our software includes an "About" interface accessible from the help menu, providing users with information about the software version, platform, and the specific GitHub repository branch and commit hash used for compiling the binary. This feature adds an extra layer of transparency and verification for users. -### Public Key for Verification +## Public Key for Verification Below is the public key used for signing the commits and binary files, which can be used to verify the authenticity of our releases: -#### Key Fingerprint +### Key Fingerprint ``` 12F7E8858CF15BEC9975FF3C5CA3DA246843FD03 ``` -#### Public Key (OpenPGP) +### Public Key (OpenPGP) ``` -----BEGIN PGP PUBLIC KEY BLOCK----- |