Confirmed users
1,364
edits
GitHub/Repository Security: Difference between revisions
Clarify scope of signing for now
(Reword a confusing sentence) |
(Clarify scope of signing for now) |
||
| Line 69: | Line 69: | ||
# Use of 2fa by everyone associated with the sensitive repository. | # Use of 2fa by everyone associated with the sensitive repository. | ||
# Implementing signed commits and tags into your workflows. | # Implementing signed commits and tags into your workflows. {{Note|While conceptually "simple", in practice it is difficult to enforce and audit when GitHub web commits and commits from automation are used (which is almost always). For now, tags used to mark releases should be signed.}} | ||
# Hosting in a Mozilla staff managed organization. | # Hosting in a Mozilla staff managed organization. | ||