1 |
Hi, |
2 |
|
3 |
On Sun, 13 Dec 2015 18:38:55 +0100 Patrick Lauer wrote: |
4 |
> On 12/13/2015 06:36 PM, Patrick Lauer wrote: |
5 |
> > So apparently we're signing things with gpg now |
6 |
> |
7 |
> And a related question: |
8 |
> |
9 |
> How would I actually verify the signatures in a meaningful way? |
10 |
|
11 |
git log --show-signature does this using GnuPG. |
12 |
|
13 |
Of course, in order to gpg to work one have to mark dev keys as |
14 |
trusted, they can be verified using ldap or several public |
15 |
keyservers. LDAP is more reliable, of course, but this method works |
16 |
only for devs (and probably some stuff members) having an access |
17 |
here. |
18 |
|
19 |
> ... and why is that not default then. |
20 |
|
21 |
|
22 |
Best regards, |
23 |
Andrew Savchenko |