Hi!
How safe are signed git tags? Especially because git uses SHA-1. There
is contradictory information around.
So if one verifies a git tag (`git tag -v tagname`), then `checksout`s
the tag, and checks that `git status` reports no untracked/modified
files, without further manually auditing the
Dear git developers!
Jeff King wrote:
On Sun, Nov 16, 2014 at 03:31:10PM +, Patrick Schleizer wrote:
How safe are signed git tags? Especially because git uses SHA-1. There
is contradictory information around.
So if one verifies a git tag (`git tag -v tagname`), then `checksout`s
.) See output:
-
user2@host:/home/user/testrepo$ git log
--pretty=format:%H$t%aN$t%s$t%G? --show-signature
gpg: Signature made Thu 04 Dec 2014 04:37:58 PM UTC using RSA key ID
77BB3C48
gpg: Good signature from Patrick Schleizer adrela...@riseup.net
gpg: WARNING: This key is not certified
Thanks Mike!
Mike Gerwitz wrote:
Mike, could you please put your various git commit verification helper
scripts into a publicly visible?
You can use this:
https://gitorious.org/easejs/easejs/source/ee85b058df783ffaa9f8d5ae58f9eb6d7586b0ca:tools/signchk
But note that the default value of
When using git submodules, is there value in iterating about the git
submodules running "git verfiy-commit HEAD" or would that be already
covered by the git submodule verification?
Cheers,
Patrick
Good questions, thank you for trying to figure out what I am asking. :)
Junio C Hamano:
> Patrick Schleizer <patrick-mailingli...@whonix.org> writes:
>
>> When using git submodules, is there value in iterating about the git
>> submodules running "git verfiy-commit H
6 matches
Mail list logo