Fetching from the git repositories over https?
plaice.adam+notmuch at gmail.com
Thu Feb 8 22:28:04 PST 2018
Thanks very much for the reply. I fully agree that the verifying of
git tags by MELPA would be valuable (and rather important from a
security perspective), and will bring it up.
BTW, is the GitHub mirror https://github.com/notmuch/notmuch/
mentioned in README.rst, semi-official in the sense of being likely to
be up to date? If, yes, it could be used as a stopgap intermediary
"source" for MELPA, until https transport is possible with the main
notmuch repository or MELPA supports verifying signed git tags.
More information about the notmuch