Join GitHub today
GitHub is home to over 40 million developers working together to host and review code, manage projects, and build software together.Sign up
From now all commits to the
Signing will also be an opt-in feature to begin. This allows a testing period for existing users with an easy method of reverting back to the current update process.
I'm leaning towards this being the default afterwards though I'm still thinking about it.
Hurdles to overcome before this will reach users:
Repository signing is fully functional as of
This is an example update (just a single new commit).
-> Updating repositories -> /var/db/kiss/repo Updating repository -> /var/db/kiss/repo Need root to update Commit 41f27e0 has a good GPG signature by Dylan Araps <firstname.lastname@example.org> Updating e2c00a9..41f27e0 Fast-forward core/kiss/checksums | 2 +- core/kiss/sources | 2 +- core/kiss/version | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) -> Checking for new package versions -> Everything is up to date
The specific line to look at is:
Commit 41f27e0 has a good GPG signature by Dylan Araps <email@example.com>
Opting into package signing for the system-wide repository: