From 98c68ba740717ffe732eeb64eb2702e0f4ca1cc9 Mon Sep 17 00:00:00 2001
From: Andrew Pan <a@tny.town>
Date: Wed, 15 Feb 2023 13:23:00 -0600
Subject: [PATCH] README.md: doc `release-signing-artifacts` change

---
 README.md | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/README.md b/README.md
index b91ce9d..f8c99ab 100644
--- a/README.md
+++ b/README.md
@@ -367,6 +367,9 @@ Example:
 The `release-signing-artifacts` setting controls whether or not `sigstore-python`
 uploads signing artifacts to the release publishing event that triggered this run.
 
+If enabled, this setting also re-uploads and signs GitHub's default source code artifacts,
+as they are not guaranteed to be stable.
+
 By default, no release assets are uploaded.
 
 Requires the [`contents: write` permission](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token).