Yeah, I see where you're coming from. I don't think push certificates have caught on yet...
You can read on them on [1], and also under the Documentation/git-push:147. There's also another PR trying to make a sample hook for signed pushes on [2]. The basic idea is to push a signed data structure with relevant git reference information as a git object to avoid a server/mitm from moving references around. Cheers! -Santiago. [1] https://public-inbox.org/git/1408485987-3590-1-git-send-email-gits...@pobox.com/ [2] https://public-inbox.org/git/20171202091248.6037-1-r...@shikherverma.com/ On Mon, Jan 08, 2018 at 03:42:33PM -0500, Colin Walters wrote: > > > On Mon, Jan 8, 2018, at 3:40 PM, Santiago Torres wrote: > > Hi, > > > > I personally like the idea of git-evtags, but I feel that they could be > > made so that push certificates (and being hash-algorithm agnostic) > > should provide the same functionality with less code. > > What's a "push certificate"? (I really tried to find it in Google, > even going to page 4 where one can start to see tumbleweeds > going by... I'm fairly certain you're not talking about something related > to iOS notifications)
signature.asc
Description: PGP signature
