Hi! We're new to k3s, and hoping to be able to verify downloaded binaries (from https://github.com/k3s-io/k3s/releases and https://hub.docker.com/r/rancher/klipper-lb etc.) ideally via a detached GPG signature with a previously published/well-known GPG key from the k3s maintainers. I've looked over the docs/FAQ, github issues and searched slack so far. It it the case that no such signatures are available? Thank you for any thoughts on this!
c
careful-piano-35019
01/26/2023, 1:09 PM
Not signed yet
👍 1
a
astonishing-park-79642
01/26/2023, 2:06 PM
Thanks for confirming. Do you happen to know if paying for commercial Rancher support (or anything else) changes that?
@astonishing-park-79642 just building on here. With our Rancher Prime subscription, we will be looking at notarizing images to allow for source integrity to be maintained when selected for use by customers. TLDR, the subscription will allow you to get that.