If the repo's commits are signed, that closes the MITM attack/alteration vectors, and snooping too, at least learning what state is being copied in by a pull command.
True! But I don't think the percentage of repos actually using signed commits is very high.