Diffstat (limited to 'README')
1 files changed, 1 insertions, 5 deletions
@@ -54,7 +54,7 @@ for available fields.
It's often easiest for a remote host to use a git:// or http://
url to its origin repository, rather than ssh://. So, to avoid a MITM
-attack, propellor checks that the top commit in the git repository is gpg
+attack, propellor checks that any commit it fetched from origin is gpg
signed by a trusted gpg key, and refuses to deploy it otherwise.
This is only done when privdata/keyring.gpg exists. To set it up:
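Review bot: The new wording on the changed line, "any commit it fetched from origin is gpg signed", is ambiguous: "any" can be read as "every fetched commit" or as "at least one of them", and those give very different guarantees against the MITM case this paragraph is about. Since this README is the statement of the security property, say exactly what is verified, for example "every commit it fetched from origin" or "the head commit it fetched from origin", whichever matches the code. It would also help to state what happens when the check fails partway through a fetch, since the surrounding sentence only says propellor "refuses to deploy it otherwise".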
@@ -62,8 +62,4 @@ This is only done when privdata/keyring.gpg exists. To set it up:
gpg --gen-key # only if you don't already have a gpg key
propellor --add-key $MYKEYID
-The keyring.gpg can be checked into git, but to ensure that it's
-used from the beginning when bootstrapping, propellor --spin
-transfers it to the host using ssh.
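Review bot: Removing these lines drops the only explanation of how keyring.gpg reaches a host during bootstrap, while the context line above still says the check "is only done when privdata/keyring.gpg exists". A reader can no longer tell whether a freshly bootstrapped host has the keyring, and therefore whether signature verification is active on its first deploy. If the ssh transfer by propellor --spin no longer happens, replace the paragraph with one sentence describing how the keyring now gets to the host and whether checking it into git is still supported; if the keyring can arrive through the same git:// or http:// fetch that it is meant to authenticate, the README should say how that first fetch is trusted.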