Diffstat (limited to 'README')
-rw-r--r-- README 6
1 files changed, 1 insertions, 5 deletions
diff --git a/README b/README
index ce9769c0..2013799b 100644
--- a/README
+++ b/README
@@ -54,7 +54,7 @@ for available fields.
It's often easiest for a remote host to use a git:// or http://
url to its origin repository, rather than ssh://. So, to avoid a MITM
-attack, propellor checks that the top commit in the git repository is gpg
+attack, propellor checks that any commit it fetched from origin is gpg
signed by a trusted gpg key, and refuses to deploy it otherwise.
This is only done when privdata/keyring.gpg exists. To set it up:
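Review bot: "any commit it fetched from origin is gpg signed" in the added line is ambiguous between "every fetched commit must be signed" and "at least one fetched commit is signed", and the two give very different guarantees against a MITM on git:// or http://. Please state which one is enforced, for example "checks that every commit it fetched from origin is gpg signed" or "checks that the newest fetched commit is gpg signed", whichever matches the code. The context line "This is only done when privdata/keyring.gpg exists" could also say outright that without the keyring, commits fetched over git:// or http:// are deployed unverified.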
@@ -62,8 +62,4 @@ This is only done when privdata/keyring.gpg exists. To set it up:
gpg --gen-key # only if you don't already have a gpg key
propellor --add-key $MYKEYID
-The keyring.gpg can be checked into git, but to ensure that it's
-used from the beginning when bootstrapping, propellor --spin
-transfers it to the host using ssh.
-
[1] http://reclass.pantsfullofunix.net/
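Review bot: The removed paragraph after "propellor --add-key $MYKEYID" was the only place the README said how keyring.gpg reaches the host ("propellor --spin transfers it to the host using ssh"), and nothing replaces it. Since the signature check depends on privdata/keyring.gpg existing on the host, the README should still say where that file comes from at bootstrap and whether it is ever taken from the same unauthenticated git:// or http:// fetch it is meant to verify. If the ssh transfer no longer happens, a one-line replacement describing the new provisioning path would be better than deleting the paragraph outright.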