[pass] Killing plaintext git:// in favor of https:// cloning
brian at minton.name
Tue Feb 23 15:20:23 CET 2016
No, but releases, aka tags, are.
On Tue, Feb 23, 2016, 9:06 AM Jason A. Donenfeld <Jason at zx2c4.com> wrote:
> On Tue, Feb 23, 2016 at 2:53 PM, Brian Minton <brian at minton.name> wrote:
> > Certainly got can sign individual tags with an OpenPGP key. Each commit
> > also hashed and the hashes are known. If you sign every commit, or at
> > every release, the code can't be tampered with. This is the workflow of,
> > instance, the Linux kernel.
> False. Commits in Linux development are not routinely signed.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Password-Store