[PD-dev] moving to git
IOhannes m zmölnig
zmoelnig at iem.at
Fri Oct 16 19:32:00 CEST 2015
On 10/16/2015 02:41 PM, Roman Haefeli wrote:
> Ok, so what's the fuzz about non-secure connections when the repo's
> purpose is to _clone_ from it?
>
because the repository could have been tempered with.
i *think* I have a proper solution to the problem, that is unrelated to
https: if I gpg-sign the root commit of of each repository, then we
would have a guarantee that the repository is the one that I uploaded.
gfmards
IOhannes
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.puredata.info/pipermail/pd-dev/attachments/20151016/c22fae07/attachment.sig>
More information about the Pd-dev
mailing list