[tz] Tonga returns to DST on 2016-11-06
Andreas Heigl
andreas at heigl.org
Fri Nov 4 19:45:34 UTC 2016
Am 04.11.16 um 20:37 schrieb Russ Allbery:
> Andreas Heigl <andreas at heigl.org> writes:
>> Am 04.11.16 um 20:15 schrieb Russ Allbery:
>
>>> GitHub will verify the signatures on tags for you if you upload the PGP
>>> public key used to sign the tags to GitHub, and show the signature as
>>> verified in their UI. (Of course, that assumes you trust GitHub to do
>>> that verification.)
>
>> It's a feature from git itself, not github.
>> https://git-scm.com/book/uz/v2/Git-Tools-Signing-Your-Work
>
>> It is based on GPG-Keys so there's no central trusted instance which can
>> be a benefit or a curse depending on how you look at it.
>
> You and I are talking about different things. I'm talking about the green
> "Verified" text on, for example:
>
> https://github.com/rra/remctl/tags
>
we are actually talking abuot the same thing. The tag is signed with
your private key. As soon as you upload your public key to github, they
can verify the signed tag and add the "Verified" Text. And everyone else
can verify the tag also as long as they have your public key.
BTW: Since git 1.7.5 (I think) you can also sign commits and GitHub will
mark them as verified.
Cheers
Andreas
--
,,,
(o o)
+---------------------------------------------------------ooO-(_)-Ooo-+
| Andreas Heigl |
| mailto:andreas at heigl.org N 50°22'59.5" E 08°23'58" |
| http://andreas.heigl.org http://hei.gl/wiFKy7 |
+---------------------------------------------------------------------+
| http://hei.gl/root-ca |
+---------------------------------------------------------------------+
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2463 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mm.icann.org/pipermail/tz/attachments/20161104/b7e15a3f/smime.p7s>
More information about the tz
mailing list