[pass] Killing plaintext git:// in favor of https:// cloning
brian at minton.name
Tue Feb 23 15:26:16 CET 2016
master bminton.is-a-geek.net:~/src/linux$ git tag -v v4.5-rc1
tagger Linus Torvalds <torvalds at linux-foundation.org> 1453669617 -0800
gpg: Signature made Sun 24 Jan 2016 04:06:57 PM EST
gpg: using RSA key 79BE3E4300411886
gpg: Good signature from "Linus Torvalds <torvalds at linux-foundation.org>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the
Primary key fingerprint: ABAF 11C6 5A29 70B1 30AB E3C4 79BE 3E43 0041 1886
On Tue, Feb 23, 2016, 9:20 AM Brian Minton <brian at minton.name> wrote:
> No, but releases, aka tags, are.
> On Tue, Feb 23, 2016, 9:06 AM Jason A. Donenfeld <Jason at zx2c4.com> wrote:
>> On Tue, Feb 23, 2016 at 2:53 PM, Brian Minton <brian at minton.name> wrote:
>> > Certainly got can sign individual tags with an OpenPGP key. Each commit
>> > also hashed and the hashes are known. If you sign every commit, or at
>> > every release, the code can't be tampered with. This is the workflow
>> of, for
>> > instance, the Linux kernel.
>> False. Commits in Linux development are not routinely signed.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Password-Store