Someone is squatting GnuPG names
wk at gnupg.org
Mon Apr 6 12:51:34 CEST 2020
On Sat, 4 Apr 2020 18:52, Uri Blumenthal said:
> It's good to know that this is the "official" GitHub mirror, because I
Given that Git is a decentralized VCS, it is not easy to say what is
official (i.e. from the usual upstream authors) and is non-official.
There is an easy solution however: Most of us sign our commits and all
release tags are also signed with the release key. And well there are
official release tarballs; we consider everything take directly from a a
repo as a development version.
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 227 bytes
Desc: not available
More information about the Gnupg-devel