[tz] Tonga returns to DST on 2016-11-06
Andreas Heigl
andreas at heigl.org
Fri Nov 4 19:29:16 UTC 2016
Am 04.11.16 um 20:15 schrieb Russ Allbery:
> Paul G <paul at ganssle.io> writes:
>
>> There is a way to sign tags directly, but I'm not sure that there's a
>> way to actually verify the signature without cloning the git
>> repository. It might be worth looking into some sort of script or hook
>> that automatically generates signed tarballs for distribution when the
>> repository is tagged.
>
> GitHub will verify the signatures on tags for you if you upload the PGP
> public key used to sign the tags to GitHub, and show the signature as
> verified in their UI. (Of course, that assumes you trust GitHub to do
> that verification.)
>
It's a feature from git itself, not github.
https://git-scm.com/book/uz/v2/Git-Tools-Signing-Your-Work
It is based on GPG-Keys so there's no central trusted instance which can
be a benefit or a curse depending on how you look at it.
Cheers
Andreas
--
,,,
(o o)
+---------------------------------------------------------ooO-(_)-Ooo-+
| Andreas Heigl |
| mailto:andreas at heigl.org N 50°22'59.5" E 08°23'58" |
| http://andreas.heigl.org http://hei.gl/wiFKy7 |
+---------------------------------------------------------------------+
| http://hei.gl/root-ca |
+---------------------------------------------------------------------+
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2463 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://mm.icann.org/pipermail/tz/attachments/20161104/8db0871a/attachment.bin>
More information about the tz
mailing list