Andrea Pappacoda writes ("Re: pristine-tar: please add -S (sign commit)
option"):
> Speaking just for the tag2upload part: the way we're currently
> implementing this, pristine-tar commit signatures would not get used at
> all. You can follow the progress at https://bugs.debian.org/1106071
Indeed.

Also, I have very strong reservations about git signed commits.
I even wrote a whole blog post (back in 2018):

git signed commits are a bad idea
https://diziet.dreamwidth.org/515.html

That's written from my background as a cryptographic protocol
designer.

Ian.
--
Ian Jackson <[email protected]> These opinions are my own.
Pronouns: they/he. If I emailed you from @fyvzl.net or @evade.org.uk,
that is a private address which bypasses my fierce spamfilter.