Hello, Arun Isaac <arunis...@systemreboot.net> writes:
>> However, gpg signing release tag commits is dead simple and would >> take a total of maybe 10 minutes of work over the lifetime of the project >> (please correct me if I'm wrong). > > I second this statement. GPG signing sounds good to me. We should do > this. GPG signing tags is OK, but I wouldn't like to request every commit to be signed. >> I know that https can be a bit tedious to setup so I am not asking for it >> (though I do think it would be great if it was enabled on the site in some >> fashion). > > HTTPS is not so tedious these days with Let's Encrypt. > > https://letsencrypt.org/ > > We should set up HTTPS as well. It would be nice, indeed. I'm Cc'ing Bastien for his opinion on the matter, and a possible step forward. Regards, -- Nicolas Goaziou
