Age | Commit message (Collapse) | Author | |
---|---|---|---|
2017-03-09 | If GNU sha512sum is missing, try perl shasum in verify-commits | Matt Corallo | |
2017-03-09 | Make verify-commits.sh non-recursive | Matt Corallo | |
2017-03-06 | Fix bashisms in verify-commits and always check top commit's tree | Matt Corallo | |
2017-03-06 | Check gpg version before setting --weak-digest | Matt Corallo | |
2017-03-04 | Verify Tree-SHA512s in merge commits, enforce sigs are not SHA1 | Matt Corallo | |
2017-02-01 | Require merge commits merge branches on top of other merge commits | Matt Corallo | |
Specifically, require that the left branch (first restult of git show -s --format=format:%P) is a signed merge commit, instead of allowing either. This is fine for now, but might need to be relaxed in the future. Also fixes an out-of-file-descriptors issue by holding too many open FDs writing to /dev/null | |||
2016-09-11 | [copyright] add MIT license headers to .sh scripts where missing | isle2983 | |
Years are set according to 'git log' history | |||
2016-05-21 | Remove pointless warning | Peter Todd | |
Any attacker who managed to make an evil commit that changed something in the contrib/verify-commits/ directory could just as easily remove the warning and/or modify it to not display the evil commits; telling the user to check those commits specifically misleads them into checking just those commits rather than the script itself. | |||
2016-05-21 | Make verify-commits path-independent | Matt Corallo | |
2016-05-21 | Make verify-commits POSIX-compliant | Matt Corallo | |
2015-10-23 | Whitelist commits signed with Pieter's now-revoked key | Matt Corallo | |
2014-12-20 | Add script to verify all merge commits are signed | Matt Corallo | |