[tz] Tonga returns to DST on 2016-11-06

Fri Nov 4 19:29:16 UTC 2016

Am 04.11.16 um 20:15 schrieb Russ Allbery:
> Paul G <paul at ganssle.io> writes:
> 
>> There is a way to sign tags directly, but I'm not sure that there's a
>> way to actually verify the signature without cloning the git
>> repository. It might be worth looking into some sort of script or hook
>> that automatically generates signed tarballs for distribution when the
>> repository is tagged.
> 
> GitHub will verify the signatures on tags for you if you upload the PGP
> public key used to sign the tags to GitHub, and show the signature as
> verified in their UI.  (Of course, that assumes you trust GitHub to do
> that verification.)
> 
It's a feature from git itself, not github.
https://git-scm.com/book/uz/v2/Git-Tools-Signing-Your-Work

It is based on GPG-Keys so there's no central trusted instance which can
be a benefit or a curse depending on how you look at it.

Cheers

Andreas
-- 
                                                              ,,,
                                                             (o o)
+---------------------------------------------------------ooO-(_)-Ooo-+
| Andreas Heigl                                                       |
| mailto:andreas at heigl.org                  N 50°22'59.5" E 08°23'58" |
| http://andreas.heigl.org                       http://hei.gl/wiFKy7 |
+---------------------------------------------------------------------+
| http://hei.gl/root-ca                                               |
+---------------------------------------------------------------------+

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2463 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mm.icann.org/pipermail/tz/attachments/20161104/8db0871a/smime-0001.p7s>