8 Dec
2016
8 Dec
'16
3:45 p.m.
Hello, Just a small comment. On 12/07/2016 03:48 PM, Jelle van der Waa wrote:
* git url, but no #tag= or #commit= specified, should verify HEAD on the #branch or no tag, commit, branch case.
For a #commit=hash you shouldn't have to verify anything, since git itself guarantees that the code under a specific commit hash cannot change. Everything else can change, including tags, so those are suitable for pgp verification. Thanks, Travis