Bug 322

Summary: deploy git commit signoff and git tag signing
Product: Libre-SOC's first SoC Reporter: Luke Kenneth Casson Leighton <lkcl>
Component: Source CodeAssignee: Luke Kenneth Casson Leighton <lkcl>
Status: CONFIRMED ---    
Severity: enhancement CC: libre-soc-bugs, programmerjake
Priority: ---    
Version: unspecified   
Hardware: Other   
OS: Linux   
See Also: https://bugs.libre-soc.org/show_bug.cgi?id=266
NLnet milestone: --- total budget (EUR) for completion of task and all subtasks: 0
budget (EUR) for this task, excluding subtasks' budget: 0 parent task for budget allocation:
child tasks for budget allocation: The table of payments (in EUR) for this task; TOML format:

Description Luke Kenneth Casson Leighton 2020-05-18 22:01:58 BST 
https://bugs.libre-soc.org/show_bug.cgi?id=266#c3

relying solely on https paints a hacking target on our server.  if however the commits or tags are GPG signed, these are offline, distributed, and harder to compromise.

this will become relevant when we start doing releases.