Michael J Gruber <git@xxxxxxxxxxxxxxxxxxxx> writes: >> Agreed. Anything harder than ssh keys is right out the window, >> because they're always the alternative these people could be using >> (but can't or don't want to). > > Sue, the question was: What is easy enough? I hoped that people > would be using gpg to check signed tags, and that there might be a > simple, convenient gnupg installer for Win and Mac which ties into > the respective wallet systems or provides one they use already. I wouldn't be surprised if many people just don't check signed tags at all -- if the repositories they're using even have them in the first place -- particularly amongst the audience in question. -miles -- What the fuck do white people have to be blue about!? Banana Republic ran out of Khakis? The Espresso Machine is jammed? Hootie and The Blowfish are breaking up??! Shit, white people oughtta understand, their job is to GIVE people the blues, not to get them! -- George Carlin -- To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html