On Sat, 2015-11-21 at 20:09 +0100, Simon Ruderich wrote: > Btw. it would be really nice if we could get signed releases > (signed git tag and signature files for the tarballs). Having to > download untrusted code and just running it is something I'd like > to avoid. Especially useful for distributions which provide those > sources to many users. I totally agree with Simon here. It's not much of a hassle to do that; in fact, even signed commits are nice and very easy with git, just use git commit -S + the commit.signingkey option: git config --global user.signingkey <key> Best Christian
Attachment:
signature.asc
Description: This is a digitally signed message part