On 10 Aug 2015 16:05, Matthias Maier wrote: > > Users can fetch/pull from Github. > > We could also provide automatic signed tags every 30min/1h/2h/whatever > (signed with a suitable infrastructure key). With that, the integrity of > a tagged git checkout can be easily verified on client side.
it would have to re-use the same tag name every time otherwise we end up with 17.5k/8.7k/4.3k/whatever new tags per year ... a really bad idea depending on how fast the process is, it could just be part of the receive hook on the server that does the checking now. that way the tag is always up to date with every push a developer makes. -mike
signature.asc
Description: Digital signature
