Sign release tags and OTP releases
I think it's a good idea to sign release tags and OTP releases. There is no reason not to do it, it just makes Pleroma more secure, because users can verify themselves that the source code they are using has not been tampered with. I'm a bit disappointed that you are not doing this yet.
Edited by ewaf