在git中签署标签 [英] Signing tags in git

问题描述

我在git中很新，而且我看到可以用gpg签名标签。我了解公钥加密技术是如何工作的，并且我理解如何签署标签，但是要做什么？

预先感谢您。

解决方案

现在，任何拥有您的公钥的人都可以证明您已经批准特定的提交作为特定的提交该程序的版本。如果他们碰巧相信你是该软件包的官方发布源，那么他们知道他们获得了该软件包的正式版本，而不是一些可能被攻击者背负或在传输过程中被损坏的随机版本。

I am quite new in git, and I have seen that it is possible to sign the tags with gpg. I understand how public key cryptography works, and I understand how to do sign the tags, but what is the point in doing it?

Thank you in advance.

解决方案

The point of signing a tag is that now anyone who has your public key can prove that you have approved that particular commit as being that particular version of the program. If they happen to trust you as being the official source of releases for that package, then they know that they got an official version of that package, not some random version that might have been backdoored by an attacker or corrupted in transit.

这篇关于在git中签署标签的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！