[tz] Tonga returns to DST on 2016-11-06
Russ Allbery
eagle at eyrie.org
Fri Nov 4 19:37:21 UTC 2016
Andreas Heigl <andreas at heigl.org> writes:
> Am 04.11.16 um 20:15 schrieb Russ Allbery:
>> GitHub will verify the signatures on tags for you if you upload the PGP
>> public key used to sign the tags to GitHub, and show the signature as
>> verified in their UI. (Of course, that assumes you trust GitHub to do
>> that verification.)
> It's a feature from git itself, not github.
> https://git-scm.com/book/uz/v2/Git-Tools-Signing-Your-Work
> It is based on GPG-Keys so there's no central trusted instance which can
> be a benefit or a curse depending on how you look at it.
You and I are talking about different things. I'm talking about the green
"Verified" text on, for example:
https://github.com/rra/remctl/tags
--
Russ Allbery (eagle at eyrie.org) <http://www.eyrie.org/~eagle/>
More information about the tz
mailing list