Hacker News
by evgpbfhnr 778 days ago
People trust the forge all the time; if someone wants to mess with GitHub (say, feed a different repo for everyone except developers using whatever it is they usually interact with git with (ssh or their IP or whatever)), it'd take a while to notice -- if they do that for existing release archives, distros might notice, but for a new tag? I'll bet no-one sees it.

From a pure git perspective, notes are normal objects, so if everyone fetches the notes regularly they'll notice if they're tampered with, just like regular commits, iirc. I think you can add notes after the fact but not modify what's there?