summaryrefslogtreecommitdiff
path: root/doc/forum/merging_upstream_changes_into_my_local_propellor_repo/comment_8_ba9fabe0096cd8808c4a50ea3ebe543c._comment
blob: b1344a10bbefd97849050b12f570724a8b5be4b8 (plain)
1
2
3
4
5
6
7
8
9
10
[[!comment format=mdwn
 username="spwhitton"
 avatar="http://cdn.libravatar.org/avatar/9c3f08f80e67733fd506c353239569eb"
 subject="comment 8"
 date="2019-06-08T20:21:57Z"
 content="""
The `git://` protocol is unencrypted and unauthenticated and you're not verifying Joey's PGP signature on the tag that you merge, so this approach is dangerous.

I would insert a `git verify-tag` step in there.  You'd want to make a record of (and perhaps locally sign) Joey's PGP key.
"""]]