summaryrefslogtreecommitdiffstatshomepage
path: root/posts/verify-with-signify.md (unfollow)
Commit message (Collapse)AuthorLines
2021-07-20posts: Remove Firefox tarball warningWolfgang Müller-6/+0
With [1] merged upstream and available starting with caddy 2.4.0, tarballs from cgit will no longer be compressed, making this warning obsolete. [1] https://github.com/caddyserver/caddy/pull/4045
2021-06-21posts: Update nicknameWolfgang Müller-1/+1
2021-06-05Use "Libera Chat" instead of "Libera.Chat"Wolfgang Müller-1/+1
2021-05-22posts: Add guide to verify a commit from a tarballWolfgang Müller-0/+26
When generating archives, git-archive(1) puts the commit ID in the global extended pax header. Therefore, an interesting side effect of signing tarballs generated with git-archive(1) is that we also implicitly sign a commit. Whilst we don't expect anyone to go through the hurdles needed to verify such a commit signature, make sure to document this case anyway.
2021-05-20Move to Libera.ChatWolfgang Müller-2/+2
freenode is no more [1][2][3][4]. [1] https://libera.chat/news/welcome-to-libera-chat [2] https://fuchsnet.ch/privat/fn-resign-letter.txt [3] https://www.kline.sh/ [4] https://mniip.com/freenode.txt
2021-05-16posts: Clarify that signatures can also be obtained via cgitWolfgang Müller-3/+5
Commit 751da2c (posts: Update posts to reflect usage of cgit's signature mechanism, 2021-05-06) updated the project pages as well as "Verifying snapshots with signify" with information regarding the new cgit signature mechanism, but neglected to mention that signatures can be obtained directly through git.oriole.systems as well (the project pages merely deeplink to that). Furthermore, with commit 28c2473 (posts: Add a new post: "Hosting signify signatures on cgit", 2021-05-16) we now have an explanatory piece which we can link if people are interested in the underlying infrastructure.
2021-05-07posts: Add warning about downloading tarballs with FirefoxWolfgang Müller-0/+6
Let's hope that bug is fixed in the next 10 years!
2021-05-06posts: Update posts to reflect usage of cgit's signature mechanismWolfgang Müller-5/+5
cgit can host detached signatures using git-notes(1). Since we want to make use of that going forward and have finally gotten around to setting it up fully, we need to make some small changes to verify-with-signify.md and the weltschmerz project page. Specifically, we no longer host both the signature and the checksum (since this would be too cumbersome to maintain with cgit), rendering the choice explained in the post moot. Since the detached signature has always contained the checksum, however, we can just fall back to a slightly different invocation for verifying it.
2020-04-10posts: Update author informationWynn Wolf Arbor-1/+1
In light of the addition of the author metadata tag to <head>, we decided to use our full name in the post tags.
2020-02-21posts: Adjust for new IRC nicknameWynn Wolf Arbor-1/+1
2019-12-31posts: Change author nameWolf-1/+1
powered by cgit and git | oriole.systems | how to verify signatures