From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 7448 invoked by alias); 22 Nov 2015 14:38:05 -0000 Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm Precedence: bulk X-No-Archive: yes List-Id: Zsh Workers List List-Post: List-Help: X-Seq: 37185 Received: (qmail 702 invoked from network); 22 Nov 2015 14:38:04 -0000 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on f.primenet.com.au X-Spam-Level: X-Spam-Status: No, score=-1.9 required=5.0 tests=BAYES_00 autolearn=ham autolearn_force=no version=3.4.0 X-PDA-ORIGIN: gallois.livando.com Message-ID: <1448202666.4521.3.camel@LivandoMobile> Subject: Re: zsh 5.1.1-test-1 From: Christian Heinrich To: zsh-workers@zsh.org Date: Sun, 22 Nov 2015 15:31:06 +0100 In-Reply-To: <20151121190908.GA1249@ruderich.org> References: <20151121183514.527eccf6@ntlworld.com> <20151121190908.GA1249@ruderich.org> Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="=-8YloCKtHoun3F8s3bxdz" X-Mailer: Evolution 3.2.3-0ubuntu6 Mime-Version: 1.0 --=-8YloCKtHoun3F8s3bxdz Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable On Sat, 2015-11-21 at 20:09 +0100, Simon Ruderich wrote: > Btw. it would be really nice if we could get signed releases > (signed git tag and signature files for the tarballs). Having to > download untrusted code and just running it is something I'd like > to avoid. Especially useful for distributions which provide those > sources to many users. I totally agree with Simon here. It's not much of a hassle to do that; in fact, even signed commits are nice and very easy with git, just use git commit -S + the commit.signingkey option: git config --global user.signingkey Best=20 Christian --=-8YloCKtHoun3F8s3bxdz Content-Type: application/pgp-signature; name="signature.asc" Content-Description: This is a digitally signed message part Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- iQIcBAABCgAGBQJWUdGqAAoJEIvOFdNRb8w8sxQP/R0MQiXvoSOi5AdVWnPOlZwQ fMQW8D5xF4WXEez+pC+b45WIm30Usl0WpKfzZTaHORtcfC86PaI33ZsJ89ME1DDK LOO9UmrsVaFhBWEqlKr8sDdHFenQ2CL+yXGYmwO3mdYZbHGGpH2cUxzpqWh5I/n6 DMg1V08T4GxUE8wtMPu74mj2ecTmWeuHKboGrrvu3NBLTa27tYRF351KNwmfoacU 4t1PTK5id7atS29aEHnqTHMlZxXI2L0A3j93AjsQQyMCQag/0Qr5ZUAhyuYAPck7 VV1xwTkt8KMAERTiVnnh0BJC2Qy1Us2M8rI+Yp1ZbWA0XNwZ970JcCB0O/5ABWQ/ 6j3mSezsaN0nAIZf8bWRK3PwhZc3X6/b0pB/TA7w2nYtZ/g9SVbOdJMmF1mgEc6M cnjspzuO2OgZmCgXMx5S9LG8rbDBvTuLqCxZ9FJGxXsR6P4sWtslKtGihr7I1cpj OGW9esIN1mRhoRokFmJo6XvJJcyfgNov99puiED1RUppnGADJdmMj4H1EeeNtKVE LJUrjQvjHDpsB0+eDNybhVrq4MjEujLZBVBIVxnMzbYVo7lQP4cdxlicBPhs/h48 2sgnJn6AQlw9304UwwQdoO+vAQ6D6yElD2rHqal9wShlnN2dE00QVK7acyvk/PKv SQDVdca2tDluMXkMVwDj =gC6F -----END PGP SIGNATURE----- --=-8YloCKtHoun3F8s3bxdz--