On 07/06/2014 05:25 AM, Nico Kadel-Garcia wrote:
Some of that is in the '[packagename].metadata' file. Problem is, it's inside the repository itself. The more common approach, built into git directly for *exactly* this sort of use, is to use GPG signed tags. It's possible to remove and replace a tag, but the GPG signature helps assure that if that occurs, at least it was *intentional* by the owner of the GPG tag.
If you can MITM the content, nothing signed or otherwise is assured to be in any state.