[tz] Tonga returns to DST on 2016-11-06
Russ Allbery
eagle at eyrie.org
Fri Nov 4 19:15:03 UTC 2016
Paul G <paul at ganssle.io> writes:
> There is a way to sign tags directly, but I'm not sure that there's a
> way to actually verify the signature without cloning the git
> repository. It might be worth looking into some sort of script or hook
> that automatically generates signed tarballs for distribution when the
> repository is tagged.
GitHub will verify the signatures on tags for you if you upload the PGP
public key used to sign the tags to GitHub, and show the signature as
verified in their UI. (Of course, that assumes you trust GitHub to do
that verification.)
--
Russ Allbery (eagle at eyrie.org) <http://www.eyrie.org/~eagle/>
More information about the tz
mailing list