On 2013.06.20 04.34, Mike Perry wrote:
> We also include the full set of git hashes, version tags, and
> input source hashes in the bundles themselves, so you know exactly
> what went into your bundle if you want to try to match it at a
> later date...

Have you considered asking developers to sign commits? That seems like it's the next step in terms of being able to verify a complete chain of code pedigree.

E.

-- 
Ideas are my favorite toys.