Hi, On Sun, 13 Dec 2015 18:38:55 +0100 Patrick Lauer wrote: > On 12/13/2015 06:36 PM, Patrick Lauer wrote: > > So apparently we're signing things with gpg now > > And a related question: > > How would I actually verify the signatures in a meaningful way?
git log --show-signature does this using GnuPG. Of course, in order to gpg to work one have to mark dev keys as trusted, they can be verified using ldap or several public keyservers. LDAP is more reliable, of course, but this method works only for devs (and probably some stuff members) having an access here. > ... and why is that not default then. Best regards, Andrew Savchenko
pgpaR8EFsY5mi.pgp
Description: PGP signature
