[tz] Tonga returns to DST on 2016-11-06

Andreas Heigl andreas at heigl.org
Fri Nov 4 19:29:16 UTC 2016

Am 04.11.16 um 20:15 schrieb Russ Allbery:
> Paul G <paul at ganssle.io> writes:
>> There is a way to sign tags directly, but I'm not sure that there's a
>> way to actually verify the signature without cloning the git
>> repository. It might be worth looking into some sort of script or hook
>> that automatically generates signed tarballs for distribution when the
>> repository is tagged.
> GitHub will verify the signatures on tags for you if you upload the PGP
> public key used to sign the tags to GitHub, and show the signature as
> verified in their UI.  (Of course, that assumes you trust GitHub to do
> that verification.)
It's a feature from git itself, not github.

It is based on GPG-Keys so there's no central trusted instance which can
be a benefit or a curse depending on how you look at it.


                                                             (o o)
| Andreas Heigl                                                       |
| mailto:andreas at heigl.org                  N 50°22'59.5" E 08°23'58" |
| http://andreas.heigl.org                       http://hei.gl/wiFKy7 |
| http://hei.gl/root-ca                                               |

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2463 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mm.icann.org/pipermail/tz/attachments/20161104/8db0871a/smime-0001.p7s>

More information about the tz mailing list