Re: gpg verify git sub modules useful?

Good questions, thank you for trying to figure out what I am asking. :) Junio C Hamano: > Patrick Schleizer writes: > >> When using git submodules, is there value in iterating about the git >> submodules running "git verfiy-commit HEAD" or would that be already >

gpg verify git sub modules useful?

When using git submodules, is there value in iterating about the git submodules running "git verfiy-commit HEAD" or would that be already covered by the git submodule verification? Cheers, Patrick

Re: [Whonix-devel] git log --pretty="format:%H$t%aN$t%s$t%G?" --show-signature

Thanks Mike! Mike Gerwitz wrote: >> Mike, could you please put your various git commit verification helper >> scripts into a publicly visible? > > You can use this: > > https://gitorious.org/easejs/easejs/source/ee85b058df783ffaa9f8d5ae58f9eb6d7586b0ca:tools/signchk > > But note that the default v

git log --pretty="format:%H$t%aN$t%s$t%G?" --show-signature

urposes.) See output: - user2@host:/home/user/testrepo$ git log --pretty="format:%H$t%aN$t%s$t%G?" --show-signature gpg: Signature made Thu 04 Dec 2014 04:37:58 PM UTC using RSA key ID 77BB3C48 gpg: Good signature from "Patrick Schleizer " gpg: WARNING: This key is not

Re: How safe are signed git tags? Only as safe as SHA-1 or somehow safer?

Dear git developers! Jeff King wrote: > On Sun, Nov 16, 2014 at 03:31:10PM +0000, Patrick Schleizer wrote: > >> How safe are signed git tags? Especially because git uses SHA-1. There >> is contradictory information around. >> >> So if one verifies a git ta

How safe are signed git tags? Only as safe as SHA-1 or somehow safer?

Hi! How safe are signed git tags? Especially because git uses SHA-1. There is contradictory information around. So if one verifies a git tag (`git tag -v tagname`), then `checksout`s the tag, and checks that `git status` reports no untracked/modified files, without further manually auditing the c