master bminton.is-a-geek.net:~/src/linux$ git tag -v v4.5-rc1
object 92e963f50fc74041b5e9e744c330dca48e04f08d
type commit
tag v4.5-rc1
tagger Linus Torvalds <[email protected]> 1453669617 -0800

Linux 4.5-rc1
gpg: Signature made Sun 24 Jan 2016 04:06:57 PM EST
gpg: using RSA key 79BE3E4300411886
gpg: Good signature from "Linus Torvalds <[email protected]>"
gpg: WARNING: This key is not certified with a trusted signature!
gpg: There is no indication that the signature belongs to the owner.
Primary key fingerprint: ABAF 11C6 5A29 70B1 30AB E3C4 79BE 3E43 0041 1886
master bminton.is-a-geek.net:~/src/linux$

On Tue, Feb 23, 2016, 9:20 AM Brian Minton <[email protected]> wrote:

> No, but releases, aka tags, are.
>
> On Tue, Feb 23, 2016, 9:06 AM Jason A. Donenfeld <[email protected]> wrote:
>
>> On Tue, Feb 23, 2016 at 2:53 PM, Brian Minton <[email protected]> wrote:
>> > Certainly git can sign individual tags with an OpenPGP key. Each commit is
>> > also hashed and the hashes are known. If you sign every commit, or at least
>> > every release, the code can't be tampered with. This is the workflow of, for
>> > instance, the Linux kernel.
>>
>> False. Commits in Linux development are not routinely signed.
>>
_______________________________________________
Password-Store mailing list
[email protected]
http://lists.zx2c4.com/mailman/listinfo/password-store
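The gpg WARNING in the output above means the signature is valid for a key that has no certification in the local keyring, so a script should compare the primary key fingerprint with a pinned value instead of relying on the "Good signature" line. The following is an added example, not part of the original message: `check_status`, `verify_tag`, `sample_status` and the sample status lines are constructed for illustration, and the pinned fingerprint is the one printed in the output above.

```shell
#!/bin/sh
# Pinned primary key fingerprint, copied from the gpg output in the message
# (spaces removed). In practice, obtain it over a channel you trust.
PINNED_FPR="ABAF11C65A2970B130ABE3C479BE3E4300411886"

# check_status PINNED: reads GnuPG status lines ("[GNUPG:] ...") on stdin.
# Succeeds only if a VALIDSIG line names PINNED as the primary key and no
# bad, errored, expired-key or revoked-key signature status is present.
check_status() {
    awk -v pinned="$1" '
        $1 != "[GNUPG:]" { next }
        $2 == "BADSIG" || $2 == "ERRSIG" || $2 == "EXPKEYSIG" || $2 == "REVKEYSIG" { bad = 1 }
        $2 == "VALIDSIG" {
            # Field 3 is the signing (sub)key fingerprint; field 12, when
            # present, is the primary key fingerprint.
            fpr = (NF >= 12) ? $12 : $3
            if (toupper(fpr) == toupper(pinned)) ok = 1; else bad = 1
        }
        END { exit !(ok && !bad) }
    '
}

# verify_tag TAG: git verify-tag --raw writes gpg status output to stderr.
verify_tag() {
    git verify-tag --raw "$1" 2>&1 | check_status "$PINNED_FPR"
}

# Constructed sample of status output for a good signature by the pinned key
# that has no trust path (TRUST_UNDEFINED), matching the WARNING in the message.
sample_status() {
    cat <<'EOF'
[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 79BE3E4300411886 Signer Name <signer@example.invalid>
[GNUPG:] VALIDSIG ABAF11C65A2970B130ABE3C479BE3E4300411886 2016-01-24 1453669617 0 4 0 1 2 00 ABAF11C65A2970B130ABE3C479BE3E4300411886
[GNUPG:] TRUST_UNDEFINED
EOF
}

if sample_status | check_status "$PINNED_FPR"; then
    echo "sample: signed by pinned key"
fi
```

Inside a clone of the repository, `verify_tag v4.5-rc1` applies the same check to the tag from the message.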
