On Sun, Dec 22, 2013 at 03:31:08AM -0500, Richard Stallman wrote:
> I hereby dub ease.js a GNU package, and you its maintainer.
>
> Please don't forget to mention prominently in the README file and
> other suitable documentation places that it is a GNU program.
This greatly simplfies rebasing and other operations while working in a branch;
signing each and every commit that is not in master can be overkill (even if it
does give peace of mind).
This tool can help to ensure that commits have not been falsely authored. For
example, if you receive an ease.js repository from a friend, there is no way to
verify that a commit from "Mike Gerwitz" is actually a commit from myself unless
it has been signed using my private key. This additional check will help to
ensure the integrity of the repository.
Please note that automated systems should *not* invoke this utility directly
from this repository, unless it is invoked using a previously trusted commit.
Otherwise, an attacker need only alter the script to competely evade the check.
Mike Gerwitz