summaryrefslogtreecommitdiffstatshomepage
path: root/posts/verify-with-signify.md (follow)
Commit message (Collapse)AuthorAgeLines
* posts: Add short paragraph about verify-sig with pramanthaHEADmasterWolfgang Müller2024-03-30-1/+7
|
* posts: Remove Firefox tarball warningWolfgang Müller2021-07-20-6/+0
| | | | | | | | With [1] merged upstream and available starting with caddy 2.4.0, tarballs from cgit will no longer be compressed, making this warning obsolete. [1] https://github.com/caddyserver/caddy/pull/4045
* posts: Update nicknameWolfgang Müller2021-06-21-1/+1
|
* Use "Libera Chat" instead of "Libera.Chat"Wolfgang Müller2021-06-05-1/+1
|
* posts: Add guide to verify a commit from a tarballWolfgang Müller2021-05-22-0/+26
| | | | | | | | | When generating archives, git-archive(1) puts the commit ID in the global extended pax header. Therefore, an interesting side effect of signing tarballs generated with git-archive(1) is that we also implicitly sign a commit. Whilst we don't expect anyone to go through the hurdles needed to verify such a commit signature, make sure to document this case anyway.
* Move to Libera.ChatWolfgang Müller2021-05-20-2/+2
| | | | | | | | | freenode is no more [1][2][3][4]. [1] https://libera.chat/news/welcome-to-libera-chat [2] https://fuchsnet.ch/privat/fn-resign-letter.txt [3] https://www.kline.sh/ [4] https://mniip.com/freenode.txt
* posts: Clarify that signatures can also be obtained via cgitWolfgang Müller2021-05-16-3/+5
| | | | | | | | | | | | | | Commit 751da2c (posts: Update posts to reflect usage of cgit's signature mechanism, 2021-05-06) updated the project pages as well as "Verifying snapshots with signify" with information regarding the new cgit signature mechanism, but neglected to mention that signatures can be obtained directly through git.oriole.systems as well (the project pages merely deeplink to that). Furthermore, with commit 28c2473 (posts: Add a new post: "Hosting signify signatures on cgit", 2021-05-16) we now have an explanatory piece which we can link if people are interested in the underlying infrastructure.
* posts: Add warning about downloading tarballs with FirefoxWolfgang Müller2021-05-07-0/+6
| | | | Let's hope that bug is fixed in the next 10 years!
* posts: Update posts to reflect usage of cgit's signature mechanismWolfgang Müller2021-05-06-5/+5
| | | | | | | | | | | | | cgit can host detached signatures using git-notes(1). Since we want to make use of that going forward and have finally gotten around to setting it up fully, we need to make some small changes to verify-with-signify.md and the weltschmerz project page. Specifically, we no longer host both the signature and the checksum (since this would be too cumbersome to maintain with cgit), rendering the choice explained in the post moot. Since the detached signature has always contained the checksum, however, we can just fall back to a slightly different invocation for verifying it.
* posts: Update author informationWynn Wolf Arbor2020-04-10-1/+1
| | | | | In light of the addition of the author metadata tag to <head>, we decided to use our full name in the post tags.
* posts: Adjust for new IRC nicknameWynn Wolf Arbor2020-02-21-1/+1
|
* posts: Change author nameWolf2019-12-31-1/+1
|
* Initial importWolfgang Müller2019-07-21-0/+51
powered by cgit and git | oriole.systems | how to verify signatures