On Thu, Apr 5, 2012 at 23:39, James Brown <jbrownfi...@gmail.com> wrote:
> And how can I check signatures of the git tags?

You need to clone the repository, since git signatures sign SHA-1
hashes of DAG nodes [1], which need to be traversed until tree root
for verification. This is also an answer to Andrew's question above:
git tags are not better than signed source tarballs for users who only
need to compile the source.

[1] http://eagain.net/articles/git-for-computer-scientists/

-- 
Maxim Kammerer
Liberté Linux (discussion / support: http://dee.su/liberte-contribute)
_______________________________________________
tor-talk mailing list
tor-talk@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk
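
The point made in the reply above, as an added example that is not part of the original message: the bytes a tag signature covers name only the commit's SHA-1, so file contents are checked only by re-hashing every object from the tag down through the DAG. GPG verification of the tag payload is assumed to have already succeeded; the sample objects, names and helper functions are constructed for illustration.

```python
import hashlib

def obj_id(kind: bytes, body: bytes) -> str:
    # Git object id: SHA-1 over "<type> <size>\0" followed by the body.
    header = kind + b" " + str(len(body)).encode() + b"\0"
    return hashlib.sha1(header + body).hexdigest()

def put(store, kind, body):
    oid = obj_id(kind, body)
    store[oid] = (kind, body)
    return oid

def build_repo():
    # Constructed sample data: one blob, one tree, one commit, one tag payload.
    store = {}
    blob = put(store, b"blob", b"int main(void) { return 0; }\n")
    tree = put(store, b"tree", b"100644 main.c\0" + bytes.fromhex(blob))
    commit = put(store, b"commit", b"tree " + tree.encode() + b"\n"
                 b"author A <a@example.org> 0 +0000\n"
                 b"committer A <a@example.org> 0 +0000\n\nrelease\n")
    # These are the bytes the tag signature is computed over (assumed verified).
    tag_payload = (b"object " + commit.encode() + b"\ntype commit\ntag v1.0\n"
                   b"tagger A <a@example.org> 0 +0000\n\nv1.0\n")
    return store, tag_payload

def verify_from_tag(store, tag_payload):
    """Walk tag -> commit -> tree -> blobs, re-hashing every object on the way."""
    pending = [tag_payload.split(b"\n")[0].split(b" ")[1].decode()]
    while pending:
        oid = pending.pop()
        if oid not in store:
            return False              # object missing: nothing to check against
        kind, body = store[oid]
        if obj_id(kind, body) != oid:
            return False              # content does not match the id that names it
        if kind == b"commit":
            pending.append(body.split(b"\n")[0].split(b" ")[1].decode())
        elif kind == b"tree":
            while body:               # entries: "<mode> <name>\0" + 20 raw SHA-1 bytes
                _, rest = body.split(b"\0", 1)
                pending.append(rest[:20].hex())
                body = rest[20:]
    return True

if __name__ == "__main__":
    store, payload = build_repo()
    print("untampered:", verify_from_tag(store, payload))
```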