Re: Fetching from the git repositories over https?

Subject: Re: Fetching from the git repositories over https?

Date: Fri, 9 Feb 2018 06:28:04 +0000

To: Daniel Kahn Gillmor

Cc: notmuch@notmuchmail.org

From: Adam Plaice

Hi Daniel,

Thanks very much for the reply.  I fully agree that the verifying of
git tags by MELPA would be valuable (and rather important from a
security perspective), and will bring it up.

BTW, is the GitHub mirror https://github.com/notmuch/notmuch/
mentioned in README.rst, semi-official in the sense of being likely to
be up to date?  If, yes, it could be used as a stopgap intermediary
"source" for MELPA, until https transport is possible with the main
notmuch repository or MELPA supports verifying signed git tags.

Thanks again,
Adam
_______________________________________________
notmuch mailing list
notmuch@notmuchmail.org
https://notmuchmail.org/mailman/listinfo/notmuch

Thread: