README.md: doc release-signing-artifacts change

sigstore · Feb 15, 2023 · 98c68ba · 98c68ba
1 parent 400d4f4
commit 98c68ba
Showing 1 changed file with 3 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -367,6 +367,9 @@ Example:
 The `release-signing-artifacts` setting controls whether or not `sigstore-python`
 uploads signing artifacts to the release publishing event that triggered this run.
 
+If enabled, this setting also re-uploads and signs GitHub's default source code artifacts,
+as they are not guaranteed to be stable.
+
 By default, no release assets are uploaded.
 
 Requires the [`contents: write` permission](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token).