[SGVLUG] Keysigning
Diane Trout
diane at ghic.org
Sun Dec 1 21:23:13 PST 2013
On Sunday, December 01, 2013 19:34:40 Henry B Hotz wrote:
> +1 to Dustin's post of 12:16
>
> On Nov 30, 2013, at 10:51 AM, Diane Trout <diane at ghic.org> wrote:
> > So when one of them signed a some Python software I had reason to believe
> > that it was certified by a person I had met. (You can get to stronger
> > levels of trust in a piece of software using signed commits in git).
>
> Could someone please explain what this means? Git uses stronger crypto than
> PGP?
No git has the option of using GPG keys for signing tags (git tag -s) and
commits (git commit -S).
Though for people who dislike the WoT, I don't see whats wrong with using the
WoT as long as you think of it as providing supportive evidence and not
certainty.
Diane
More information about the SGVLUG
mailing list