Someone is squatting GnuPG names
Werner Koch
wk at gnupg.org
Mon Apr 6 12:51:34 CEST 2020
On Sat, 4 Apr 2020 18:52, Uri Blumenthal said:
> It's good to know that this is the "official" GitHub mirror, because I
Given that Git is a decentralized VCS, it is not easy to say what is
official (i.e. from the usual upstream authors) and is non-official.
There is an easy solution however: Most of us sign our commits and all
release tags are also signed with the release key. And well there are
official release tarballs; we consider everything take directly from a a
repo as a development version.
Shalom-Salam,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 227 bytes
Desc: not available
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20200406/5f33385f/attachment.sig>
More information about the Gnupg-devel
mailing list