Fetching from the git repositories over https?
Adam Plaice
plaice.adam+notmuch at gmail.com
Thu Feb 8 22:28:04 PST 2018
Hi Daniel,
Thanks very much for the reply. I fully agree that the verifying of
git tags by MELPA would be valuable (and rather important from a
security perspective), and will bring it up.
BTW, is the GitHub mirror https://github.com/notmuch/notmuch/
mentioned in README.rst, semi-official in the sense of being likely to
be up to date? If, yes, it could be used as a stopgap intermediary
"source" for MELPA, until https transport is possible with the main
notmuch repository or MELPA supports verifying signed git tags.
Thanks again,
Adam
More information about the notmuch
mailing list