On Thu, Jun 22, 2017 at 21:12:27 +0200, Ludovic Courtès wrote:
> I think only GNU and kernel.org provide signatures, which represents 6%
> of our packages.  Of the 30% that do not have an updater, surely some
> have digital signatures, but we’re probably still below 10%.  The
> situation is bad in general…

What about signed tags/commits?

-- 
Mike Gerwitz
Free Software Hacker+Activist | GNU Maintainer & Volunteer
GPG: D6E9 B930 028A 6C38 F43B  2388 FEF6 3574 5E6F 6D05
https://mikegerwitz.com