(i mean... it almost makes me wanna say that we should sign all of our git commits)
we should use annotated git tags. that is to say, git tags with more information associated with them, including a gpg signature. ok so in that case we should have a release signing key and an offline master release signing key. or what?