You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
{{ message }}
This repository has been archived by the owner on Feb 23, 2018. It is now read-only.
I'd like to commit to this, and I've used git signing before. Main issues are:
this project hasn't been updated for a while. I doubt it will get updated in the near future
unless you've saved my public key, how will you verify my commits? GitHub shows a "verified" type note on some commits, but this could be hacked, as you said
- unless you've saved my public key, how will you verify my commits?
Options:
- Get it through the OpenPGP web of trust.
- Download from various sources at various times if possible.
- Use various channels of communications.
- Or I suppose many are also doing just TOFU, trust on first use.
Sign up for freeto subscribe to this conversation on GitHub.
Already have an account?
Sign in.
For better security, could you please sign all upcoming git commits and git tags?
It's useful in case github gets hacked again in case SSL CA's get hacked again.
The text was updated successfully, but these errors were encountered: