Hello,

Simen Endsjø <[email protected]> writes:

> The Codeberg pull request template states we should "Verify
> cryptographic signature provided by upstream.", but what does this mean
> for git repositories? There is no link to further documentation for this
> checkpoint.

Right, we should improve the doc.  Most of the time, that means checking
the signature on the release tag.

In very few cases, that means using ‘guix git authenticate’—but that’s
for the very best packages only. :-)

Ludo’.
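
An added example of the tag-signature check mentioned in the reply above (not part of the original message and not Guix's own tooling): it runs `git verify-tag --raw` and accepts the tag only if the GnuPG status output shows a good signature from a pinned fingerprint. The function names are hypothetical; it assumes the upstream signer's public key is already in the local GnuPG keyring and that the pinned fingerprint was obtained out of band.

```shell
#!/bin/sh
# Added example: verify an upstream release tag against a pinned signer key.

# check_status PINNED_FPR
# Reads GnuPG status lines on stdin. Succeeds only when there is a GOODSIG,
# a VALIDSIG whose signing-key or primary-key fingerprint equals PINNED_FPR,
# and no marker for a bad, unverifiable, expired-key or revoked-key signature.
check_status() {
    # Refuse short key IDs: only a full fingerprint (40+ hex digits) is pinned.
    [ "${#1}" -ge 40 ] || return 2
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        $2 == "GOODSIG" { good = 1 }
        # VALIDSIG: field 3 is the signing (sub)key, last field the primary key.
        $2 == "VALIDSIG" && (toupper($3) == toupper(want) || toupper($NF) == toupper(want)) { fpr_ok = 1 }
        END { exit !(good && fpr_ok && !bad) }
    '
}

# verify_release_tag REPO_DIR TAG PINNED_FPR
verify_release_tag() {
    # --raw prints the GnuPG status lines on stderr, so capture stderr only.
    status=$(git -C "$1" verify-tag --raw "$2" 2>&1 >/dev/null) || return 1
    printf '%s\n' "$status" | check_status "$3"
}

# Usage: sh verify-tag.sh REPO_DIR TAG PINNED_FPR
[ "$#" -ne 3 ] || verify_release_tag "$@"
```

A valid signature from any key in the keyring makes plain `git verify-tag` succeed, which is why the fingerprint is compared explicitly here.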
