Browse Source

complete migration to gitea... signing commits works now!

main
John-Mark Gurney 4 years ago
parent
commit
00842d156d
Signed by: jmg GPG Key ID: 205F0B33DD006ADA
1 changed files with 5 additions and 6 deletions
  1. +5
    -6
      README.md

+ 5
- 6
README.md View File

@@ -15,7 +15,7 @@ The only file needed for this is the snapaid.sh script. The other files
are used for generating the index. are used for generating the index.


``` ```
$wget https://raw.githubusercontent.com/jmgurney/snapaid/master/snapaid.sh
$wget https://www.funkthat.com/gitea/jmg/snapaid/raw/branch/master/snapaid.sh
$chmod 755 snapaid.sh $chmod 755 snapaid.sh
$./snapaid.sh find $./snapaid.sh find
``` ```
@@ -26,11 +26,10 @@ Notes
This repository will be signed by my FreeBSD GPG key. It is available This repository will be signed by my FreeBSD GPG key. It is available
at: https://www.freebsd.org/doc/en_US.ISO8859-1/articles/pgpkeys/pgpkeys-developers.html#pgpkey-jmg at: https://www.freebsd.org/doc/en_US.ISO8859-1/articles/pgpkeys/pgpkeys-developers.html#pgpkey-jmg


You will *NOT* see the verified tag on github, because if I upload my key
to github, github will mark edits done on the website as verified even
though it was not authenticated by my GPG key. This destroys the point
of signing commits, as anyone who is able to take over my github account
and not my GPG key, could now impersonate me, and make malicious changes.
Now that snapaid has migrated from GitHub to Gitea, you will see the
verified lock icon with the commits. This is because unlike GitHub,
Gitea won't falsely show a commit as verified unless it was signed by
and only by the user's PGP key.


NOTE: The xz vs non-xz versions of some of the images are not able to be NOTE: The xz vs non-xz versions of some of the images are not able to be
differentiated. Currently sorting rules should always put the xz version differentiated. Currently sorting rules should always put the xz version


Loading…
Cancel
Save