README.md: 8 additions & 0 deletions
@@ -14,6 +14,12 @@ You can learn more about it in [the specification](http://bsonspec.org).
14
14
15
15
### Release Integrity
16
16
17
+
Releases are created automatically and signed using the [Node team's GPG key](https://pgp.mongodb.com/node-driver.asc). This applies to the git tag as well as all release packages provided as part of a GitHub release. To verify the provided packages, download the key and import it using gpg:
18
+
19
+
```shell
20
+
gpg --import node-driver.asc
21
+
```
22
+
17
23
The GitHub release contains a detached signature file for the NPM package (named
18
24
`bson-X.Y.Z.tgz.sig`).
19
25
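Review bot: The added paragraph tells the reader to "download the key and import it" but gives no fingerprint to compare against, so `gpg --import node-driver.asc` trusts whatever file was fetched from the linked URL. Consider publishing the expected key fingerprint in this section and adding a step to check it after import, for example with `gpg --fingerprint`, before running the verify command. The paragraph also says the signature applies to the git tag, but the section only documents verifying the package; a short mention of `git verify-tag` would cover that claim.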
@@ -29,6 +35,8 @@ To verify the integrity of the downloaded package, run the following command:
29
35
gpg --verify bson-X.Y.Z.tgz.sig bson-X.Y.Z.tgz
30
36
```
31
37
38
+
>[!Note]
39
+
No verification is done when using npm to install the package. The contents of the Github tarball and npm's tarball are identical.
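Review bot: The note states that the GitHub tarball and npm's tarball are identical but gives the reader no way to confirm it, which matters because the same note says npm performs no verification on install. Consider documenting the check: fetch the registry tarball with `npm pack bson@X.Y.Z` and run the existing `gpg --verify bson-X.Y.Z.tgz.sig bson-X.Y.Z.tgz` against that file. Two style points: the sentence under `>[!Note]` has no `>` prefix and relies on lazy continuation to stay inside the blockquote, so prefix it with `>`; and "Github" should read "GitHub".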