|
|
|
|
|
|
by TheDong
453 days ago
|
|
|
1. Unsigned commits is the norm. It's weird to sign git commits. It's weird to upload your gpg key to github. gpg is a nightmare mess. 2. They aren't introducing the bug, those are all unreleased commits, so advice to "uninstall now" for something no distros are shipping would be silly. 3. The diff is trivial, you can read it and figure out if it looks like they're fixing a real exploitable thing. The answer is obviously no. |
|
|
I agree on that, but note that you're also able to use your existing SSH key for signing commits. https://docs.github.com/en/authentication/managing-commit-si...