No, but releases, aka tags, are. On Tue, Feb 23, 2016, 9:06 AM Jason A. Donenfeld <[email protected]> wrote:
> On Tue, Feb 23, 2016 at 2:53 PM, Brian Minton <[email protected]> wrote: > > Certainly got can sign individual tags with an OpenPGP key. Each commit > is > > also hashed and the hashes are known. If you sign every commit, or at > least > > every release, the code can't be tampered with. This is the workflow of, > for > > instance, the Linux kernel. > > False. Commits in Linux development are not routinely signed. >
_______________________________________________ Password-Store mailing list [email protected] http://lists.zx2c4.com/mailman/listinfo/password-store
