|
|
|
|
|
|
by dumbneurologist
3058 days ago
|
|
|
Not quite: his/her point is that it's on the user to validate the author as opposed to the location. If you care about security, you should pull from a repo, then check a against a signature. Your https connection confirms you got something from github, but you have the ability to prove the thing you got from github was from the same individual. |
|
|