| ▲ | lorecore 2 hours ago | |
Signed commits could solve this in a more decentralized way if people post their public keys on their own domains. | ||
| ▲ | skydhash an hour ago | parent [-] | |
Own domains is the real deal. My preffered model is tarball releases with checksums, or better yet, with signatures (like remind[0] or msmtp[1]). Such pages are trivial to host properly and loads quickly. | ||