Comment by johncolanduoni
6 days ago
There would also have to be a compromise of the transport (i.e. a MITM of HTTPS or SSH) to use this in most practical scenarios.
6 days ago
There would also have to be a compromise of the transport (i.e. a MITM of HTTPS or SSH) to use this in most practical scenarios.
It still weakens the security, otherwise why bother with integrity/signature checks if you trust the git remote?