diff options
author | Wolfgang Müller | 2021-05-22 13:22:34 +0200 |
---|---|---|
committer | Wolfgang Müller | 2021-05-22 13:22:34 +0200 |
commit | 0da8a6e3d85a98e38b1abc2499f7e7b3fe5d9534 (patch) | |
tree | ef5f061ddaecc6dee62a740ec7de297c5491fcf0 /posts/quarg.md | |
parent | 7d3a8b42587ba51c6f5c738d1c4c35cb7d405e20 (diff) | |
download | site-0da8a6e3d85a98e38b1abc2499f7e7b3fe5d9534.tar.gz |
posts: Add guide to verify a commit from a tarball
When generating archives, git-archive(1) puts the commit ID in the
global extended pax header. Therefore, an interesting side effect of
signing tarballs generated with git-archive(1) is that we also
implicitly sign a commit. Whilst we don't expect anyone to go through
the hurdles needed to verify such a commit signature, make sure to
document this case anyway.
Diffstat (limited to '')
0 files changed, 0 insertions, 0 deletions