Skip to content
/ SignatureChain Public

this is a signed Chain(aka github repositories with signed commits). It contains a lot of signatures for Composer packages.

1 star 3 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Cotya/SignatureChain

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

6 Commits
signatures
signatures
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 

Repository files navigation

Cotya/SignatureChain

this is a signed Chain(aka github repositories with signed commits).
It contains a lot of signatures for Composer packages. First a simple sha256 signature, additionally a gpg signature. The type of the second signature is free of choice.

availabel tools to interact with this Chain

why this is secure

warning: I have no Idea about how secure this is, I just trust existing software to do the job properly.

Git is used by a lot of people and should make sure, that changing the history does not happen without someone to notice.

gpg signing of commits should also make sure, everybody can validate who added the signatures. They also give you the choice to decide yourself who to trust.

About

this is a signed Chain(aka github repositories with signed commits). It contains a lot of signatures for Composer packages.

Resources

Readme
Activity
Custom properties

Stars

1 star

Watchers

2 watching

Forks

3 forks
Report repository

Releases

No releases published

Packages

No packages published