<p dir="ltr"><br>
On Mar 8, 2015 12:35 AM, "Todd Zullinger" <<a href="mailto:tmz@pobox.com">tmz@pobox.com</a>> wrote:<br>
> But while we're on the subject, are there PGP signatures available for the cgit tarballs themselves? </p>
<p dir="ltr">I include a sha256 of the tarball in the announcement emails. Those emails are pgp signed. My pgp key is embedded in the repo, as well, and it's verifiable that all announce emails have been signed with the same key.</p>