ask github to encourage signed git tags
Hi,
we want upstream to sign releases. Nowadays a lot of software is on github and
a release is just a git tag. - An unsigned git tag ... :-(
Github has a site that shows tags[1] but it does not give any indication
whether the tag is signed or not.
[1] e.g. https://github.com/Flameeyes/unpaper/tags
Github should add visual feedback on this tags page: grey for unsigned, yellow
for signed and green for signed and connected to the web-of-trust. Next to a
grey or yellow tag there should be links to help texts.
I expect that this would help to increase the usage of signed git tags.
I asked github.com/contact to do this more than a year ago. - No response.
What, if the debian project together with others would request this through a
more official channel?
Yes, github is proprietary. Still it would be in the best interest of
everybody if software was signed. Even github would not want to host malicious
code.
Does anybody have contact to github?
Thomas Koch
Reply to: