Troy Sankey <sankey...@gmail.com> skribis: > Quoting Ludovic Courtès (2016-08-31 16:21:49) >> (That said, more and more software is distributed via Git rather than as >> tarballs, and most repos are unsigned; even if they were, there are >> basically no tools to meaningfully authenticate a Git checkout…) > > In that case, not all hope is lost---I've seen many projects sign git tags.
Indeed, but signing is the easy part. :-) http://debbugs.gnu.org/cgi/bugreport.cgi?bug=22883#73 Ludo’.