On Sat, Jul 7, 2018 at 1:51 AM Martin Vaeth <[email protected]> wrote: > > Davyd McColl <[email protected]> wrote: > > > I ask because prior to the GitHub incident, I didn't have signature > > verification enabled > > Currently, it is not practical to change this, see my other posting. >
You clearly don't understand what it actually checks. It is completely practical to enable this today (though not as secure as it could be). I'll elaborate in a reply to the other email. -- Rich
