30 Nov
2014
30 Nov
'14
11:55 p.m.
On Sun, 30 Nov 2014 17:32:05 -0500 Jason Cooper tor@lakedaemon.net wrote:
It is unauthenticated and you probably shouldn't use it if at all possible.
How does that matter? All of the tags are signed by Nick Mathewson. This allows the server *and* the path to be untrusted.
What about intermediary commits between tagged releases? Yes, signing each commit is possible, and probably even a good idea, but it's not currently done.
Regards,
--
Yawning Angel