[pass] Killing plaintext git:// in favor of https:// cloning

[Jason A. Donenfeld]

On Tue, Feb 23, 2016 at 2:53 PM, Brian Minton <brian at minton.name> wrote:
> Certainly got can sign individual tags with an OpenPGP key. Each commit is
> also hashed and the hashes are known. If you sign every commit, or at least
> every release, the code can't be tampered with. This is the workflow of, for
> instance, the Linux kernel.

False. Commits in Linux development are not routinely signed.