2 Apr
2022
2 Apr
'22
4:36 a.m.
This brings up a question, though:
How do we treat verified commits? Do we check these at all from a server,
standpoint, or is it purely for consumers?
I already sign my AUR commits, and I can verify them:
(venv) { kevr sprunge } > git verify-commit 8d5259274278ac103c45622ed91b5ee83673db2
gpg: Signature made Mon 03 Jan 2022 01:28:24 PM PST
gpg: using RSA key 0F985B6F99B6686854C44EC3F7E46DED420788F3
gpg: Good signature from "Kevin Morris (kevr)