[tor-dev] Git hosting changes, git:// support discontinued
Yawning Angel
yawning at schwanenlied.me
Sun Nov 30 23:55:31 UTC 2014
On Sun, 30 Nov 2014 17:32:05 -0500
Jason Cooper <tor at lakedaemon.net> wrote:
> > It is unauthenticated and you probably shouldn't use it if at all
> > possible.
>
> How does that matter? All of the tags are signed by Nick Mathewson.
> This allows the server *and* the path to be untrusted.
What about intermediary commits between tagged releases? Yes, signing
each commit is possible, and probably even a good idea, but it's not
currently done.
Regards,
--
Yawning Angel
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.torproject.org/pipermail/tor-dev/attachments/20141130/610bf798/attachment.sig>
More information about the tor-dev
mailing list