Updated FAQ

4 months ago · 46730ed606
parent b8b4b87e5c
commit 46730ed606
2 changed files with 7 additions and 0 deletions
--- a/FAQ.md
+++ b/FAQ.md
@ -6033,6 +6033,11 @@ This feature is experimental and requires version 1.2171 or later for the GitHub
 <a name="faq205"></a>
 **(205) How do I check the integrity of an APK file?**

+"*Artifact attestations enable you to create unfalsifiable provenance and integrity guarantees for the software you build.*
+*In turn, people who consume your software can verify where and how your software was built.*"
+
+Please [see here](https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds) for details.
+
 You can verify in this way that an APK file was built and signed by a GitHub workflow:

 1. Install the [GitHub CLI](https://cli.github.com/)
--- a/index.html
+++ b/index.html
@ -3007,6 +3007,8 @@ adb install /path/to/FairEmail-xxx.apk</code></pre>
 <p>This feature is experimental and requires version 1.2171 or later for the GitHub version and version 1.2182 or later for the Play Store version.</p>
 <p><br></p>
 <p><a name="faq205"></a> <strong>(205) How do I check the integrity of an APK file?</strong></p>
+<p>“<em>Artifact attestations enable you to create unfalsifiable provenance and integrity guarantees for the software you build.</em> <em>In turn, people who consume your software can verify where and how your software was built.</em>”</p>
+<p>Please <a href="https://docs.github.com/en/actions/security-guides/using-artifact-attestations-to-establish-provenance-for-builds">see here</a> for details.</p>
 <p>You can verify in this way that an APK file was built and signed by a GitHub workflow:</p>
 <ol type="1">
 <li>Install the <a href="https://cli.github.com/">GitHub CLI</a></li>