Franco Masotti 8 months ago
parent
commit
c53db4bccb
Signed by: frnmst
GPG Key ID: 24116ED85666780A
  1. 6
      _pages/software_instructions.md
  2. 2
      _software/md-toc-8.1.0/release.md

6
_pages/software_instructions.md

@ -32,8 +32,8 @@ The following extract is from a [post by Mike Gerwitz](https://mikegerwitz.com/2
>> Git hosting providers are probably the most easily overlooked trustees—providers like Gitorious, GitHub, Bitbucket, SourceForge, Google Code, etc. Each provides hosting for your repository and “secures” it by allowing only you, or other authorized users, to push to it, often with the use of SSH keys tied to an account. By using a host as the primary holder of your repository—the repository from which most clone and push to—you are entrusting them with the entirety of your project; you are stating, “Yes, I trust that my source code is safe with you and will not be tampered with”. This is a dangerous assumption. Do you trust that your host properly secures your account information? Furthermore, bugs exist in all but the most trivial pieces of software, so what is to say that there is not a vulnerability just waiting to be exploited in your host’s system, completely compromising your repository?
>>
>> It was not too long ago (March 4th, 2012) that a public key security vulnerability at GitHub was exploited by a Russian man named Egor Homakov, allowing him to successfully commit to the master branch of the Ruby on Rails framework repository hosted on GitHub. Oops.
Copyright © 2019 Mike Gerwitz. Licensed under the Creative Commons Attribution-ShareAlike 4.0 International License.
>
> Copyright © 2019 Mike Gerwitz. Licensed under the Creative Commons Attribution-ShareAlike 4.0 International License.
## Signing keys
@ -118,7 +118,7 @@ What follows are the steps I use to upload the software page.
software_name_python_module: ${project_python_module}
software_version: ${tag}
software_version_raw: ${tag_raw}
release_timestamp: ${project_version_release_date}
release_timestamp: ${project_version_release_timestamp}
is_on_pypi: ${is_on_pypi}
has_changelog: ${has_changelog}
signing_public_key: ${signing_key}

2
_software/md-toc-8.1.0/release.md

@ -18,5 +18,5 @@ signing_public_key: pgp_pubkey_since_2019.txt
- New line output is now handled correctly.
See [issue 33](https://github.com/frnmst/md-toc/issues/33).
- Updated copyright headers.
- Imported fixed from [fpydocs](https://blog.franco.net.eu.org/software/#fpydocs).
- Imported fixes from [fpydocs](https://blog.franco.net.eu.org/software/#fpydocs).
- Metadata fixes in the setup.py file.

Loading…
Cancel
Save