From fd4cd21388dc40d28af500902655976de137afd6 Mon Sep 17 00:00:00 2001 From: spwhitton Date: Sat, 8 Jun 2019 20:21:57 +0000 Subject: Added a comment --- .../comment_8_ba9fabe0096cd8808c4a50ea3ebe543c._comment | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 doc/forum/merging_upstream_changes_into_my_local_propellor_repo/comment_8_ba9fabe0096cd8808c4a50ea3ebe543c._comment (limited to 'doc') diff --git a/doc/forum/merging_upstream_changes_into_my_local_propellor_repo/comment_8_ba9fabe0096cd8808c4a50ea3ebe543c._comment b/doc/forum/merging_upstream_changes_into_my_local_propellor_repo/comment_8_ba9fabe0096cd8808c4a50ea3ebe543c._comment new file mode 100644 index 00000000..b1344a10 --- /dev/null +++ b/doc/forum/merging_upstream_changes_into_my_local_propellor_repo/comment_8_ba9fabe0096cd8808c4a50ea3ebe543c._comment @@ -0,0 +1,10 @@ +[[!comment format=mdwn + username="spwhitton" + avatar="http://cdn.libravatar.org/avatar/9c3f08f80e67733fd506c353239569eb" + subject="comment 8" + date="2019-06-08T20:21:57Z" + content=""" +The `git://` protocol is unencrypted and unauthenticated and you're not verifying Joey's PGP signature on the tag that you merge, so this approach is dangerous. + +I would insert a `git verify-tag` step in there. You'd want to make a record of (and perhaps locally sign) Joey's PGP key. +"""]] -- cgit v1.2.3