On Wed, Dec 09, 2015 at 05:43:36PM -0500, Jeff King wrote:
> On Wed, Dec 09, 2015 at 02:24:17PM -0800, Stefan Beller wrote:
>
> > On Wed, Dec 9, 2015 at 2:04 PM, Jeff King wrote:
> > >
> > > Of course you can't just fetch the v1.7.1.4 tag _now_, because the same
> > > person impersonating the mos
On Wed, Dec 09, 2015 at 02:24:17PM -0800, Stefan Beller wrote:
> On Wed, Dec 9, 2015 at 2:04 PM, Jeff King wrote:
> >
> > Of course you can't just fetch the v1.7.1.4 tag _now_, because the same
> > person impersonating the most recent tag could also be impersonating
> > (and back-dating) the olde
On Wed, Dec 9, 2015 at 2:04 PM, Jeff King wrote:
>
> Of course you can't just fetch the v1.7.1.4 tag _now_, because the same
> person impersonating the most recent tag could also be impersonating
> (and back-dating) the older tags. But you could fetch it now, store it
> somewhere trusted (e.g., on
On Wed, Dec 09, 2015 at 09:03:47AM -0800, Jamie Evans wrote:
> Thanks, Junio, for the tutorial! I had tried to lookup the key, but
> failed to put the ‘0x’ at the head.
An easier way to get keys is just:
$ gpg --recv-keys 96AFE6CB
gpg: requesting key 96AFE6CB from hkp server keys.gnupg.net
Thanks, Junio, for the tutorial! I had tried to lookup the key, but failed to
put the ‘0x’ at the head.
I was actually verifying the signature on a tarball release. Just curious, how
do I know the key in the database really belongs to you? It’s has your name
and email, but what’s to keep a
Jamie Evans writes:
> Can you please point me to the public GPG keys used for source code signing?
I suspect that you are asking about our project, but instead of
throwing you a fish, I'll show you how to catch one yourself.
In a copy of linux kernel repository I have lying around from a
random
6 matches
Mail list logo
