[pass] Killing plaintext git:// in favor of https:// cloning

Jason A. Donenfeld Jason at zx2c4.com
Tue Feb 23 15:03:00 CET 2016


On Tue, Feb 23, 2016 at 2:53 PM, Brian Minton <brian at minton.name> wrote:
> Certainly git can sign individual tags with an OpenPGP key. Each commit is
> also hashed and the hashes are known. If you sign every commit, or at least
> every release, the code can't be tampered with. This is the workflow of, for
> instance, the Linux kernel.

False. Commits in Linux development are not routinely signed.

