I’d like to add a code-signing scheme to my release process, so that I can ensure the integrity and origin of my releases.
Curious if anyone else is doing this with Elixir apps, how you’ve setup your release process, what sort of PKI tooling you’ve used, etc.
I use deb package it has code signing, or for windows it’s exe installer and there’s the microsoft way of signing them.
I generally use a release to ship code. You can turn it into a RPM or DEB easily enough if you want too. But I generally don’t do immutable installs because I want the ability to roll in upgrades
You can find a free email course here: https://elixirtraining.org/release_email_course.html