1 |
On 10 Aug 2015 16:05, Matthias Maier wrote: |
2 |
> > Users can fetch/pull from Github. |
3 |
> |
4 |
> We could also provide automatic signed tags every 30min/1h/2h/whatever |
5 |
> (signed with a suitable infrastructure key). With that, the integrity of |
6 |
> a tagged git checkout can be easily verified on client side. |
7 |
|
8 |
it would have to re-use the same tag name every time otherwise we end up with |
9 |
17.5k/8.7k/4.3k/whatever new tags per year ... a really bad idea |
10 |
|
11 |
depending on how fast the process is, it could just be part of the receive hook |
12 |
on the server that does the checking now. that way the tag is always up to date |
13 |
with every push a developer makes. |
14 |
-mike |