On Mon, May 25, 2015 at 09:51:41AM +0200, Thomas Koch wrote:
> On Sunday 24 May 2015 13:02:38 Thomas Koch wrote:
> > Git supports signing of commits since version 1.7.9. Everybody should sign
> > git commits always.
> There is however the argument that by signing every commit by default one may
> accidentally publish a signature on some unverified code and somebody else
> may
> trust this code because of this.
Much worse, do you trust all your development machines with your private
key? I clearly don't, as I neither have sole control over them, nor are
all of them located in jurisdictions I can expect any help against
seizure.
Bastian
--
Yes, it is written. Good shall always destroy evil.
-- Sirah the Yang, "The Omega Glory", stardate unknown
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive: https://lists.debian.org/20150525083306.ga8...@mail.waldi.eu.org
