Skip to content

Commit d5eb715

Browse files
bradh352bradh352
committed
talk about SLSA provenance
1 parent 4c7dc83 commit d5eb715

File tree

1 file changed

+12
-1
lines changed

1 file changed

+12
-1
lines changed

index.md

Lines changed: 12 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -45,11 +45,22 @@ best practices in regards to C coding standards.
4545
[GPG](https://github.com/c-ares/c-ares/releases/download/v{{ page.version.version }}/c-ares-{{ page.version.version }}.tar.gz.asc)
4646
[Changelog](/changelog.html)
4747

48+
You can also [download old packages](/download)
49+
50+
### PGP / GPG Signatures
51+
4852
Valid PGP / GPG signing keys for packages are:
4953
- Daniel Stenberg <[email protected]> - [27EDEAF22F3ABCEB50DB9A125CC908FDB71E12C2](https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x27edeaf22f3abceb50db9a125cc908fdb71e12c2)
5054
- Brad House <[email protected]> - [DA7D64E4C82C6294CB73A20E22E3D13B5411B7CA](https://keyserver.ubuntu.com/pks/lookup?op=get&search=0xda7d64e4c82c6294cb73a20e22e3d13b5411b7ca)
5155

52-
You can also [download old packages](/download)
56+
57+
### SLSA Provenance
58+
This project generates SLSA provenance for its releases! This enables you to
59+
verify the integrity of the downloaded artifacts and ensure that the release was
60+
generated from the intended repository.
61+
62+
To verify the provenance of the release, please follow the instructions [here](https://github.com/slsa-framework/slsa-github-generator#verification-of-provenance).
63+
5364

5465
## Features
5566

0 commit comments

Comments
 (0)