| 1 |
On 10 Aug 2015 16:05, Matthias Maier wrote: |
| 2 |
> > Users can fetch/pull from Github. |
| 3 |
> |
| 4 |
> We could also provide automatic signed tags every 30min/1h/2h/whatever |
| 5 |
> (signed with a suitable infrastructure key). With that, the integrity of |
| 6 |
> a tagged git checkout can be easily verified on client side. |
| 7 |
|
| 8 |
it would have to re-use the same tag name every time otherwise we end up with |
| 9 |
17.5k/8.7k/4.3k/whatever new tags per year ... a really bad idea |
| 10 |
|
| 11 |
depending on how fast the process is, it could just be part of the receive hook |
| 12 |
on the server that does the checking now. that way the tag is always up to date |
| 13 |
with every push a developer makes. |
| 14 |
-mike |
Archives