| Commit message (Collapse) | Author | Age | Lines |
|
|
|
|
|
|
|
| |
With [1] merged upstream and available starting with caddy 2.4.0,
tarballs from cgit will no longer be compressed, making this warning
obsolete.
[1] https://github.com/caddyserver/caddy/pull/4045
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
When generating archives, git-archive(1) puts the commit ID in the
global extended pax header. Therefore, an interesting side effect of
signing tarballs generated with git-archive(1) is that we also
implicitly sign a commit. Whilst we don't expect anyone to go through
the hurdles needed to verify such a commit signature, make sure to
document this case anyway.
|
|
|
|
|
|
|
|
|
| |
freenode is no more [1][2][3][4].
[1] https://libera.chat/news/welcome-to-libera-chat
[2] https://fuchsnet.ch/privat/fn-resign-letter.txt
[3] https://www.kline.sh/
[4] https://mniip.com/freenode.txt
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 751da2c (posts: Update posts to reflect usage of cgit's signature
mechanism, 2021-05-06) updated the project pages as well as "Verifying
snapshots with signify" with information regarding the new cgit
signature mechanism, but neglected to mention that signatures can be
obtained directly through git.oriole.systems as well (the project pages
merely deeplink to that).
Furthermore, with commit 28c2473 (posts: Add a new post: "Hosting
signify signatures on cgit", 2021-05-16) we now have an explanatory
piece which we can link if people are interested in the underlying
infrastructure.
|
|
|
|
| |
Let's hope that bug is fixed in the next 10 years!
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
cgit can host detached signatures using git-notes(1). Since we want to
make use of that going forward and have finally gotten around to setting
it up fully, we need to make some small changes to
verify-with-signify.md and the weltschmerz project page.
Specifically, we no longer host both the signature and the checksum
(since this would be too cumbersome to maintain with cgit), rendering
the choice explained in the post moot. Since the detached signature has
always contained the checksum, however, we can just fall back to a
slightly different invocation for verifying it.
|
|
|
|
|
| |
In light of the addition of the author metadata tag to <head>, we
decided to use our full name in the post tags.
|
| |
|
| |
|
|
|