Cloning a tag-named branch introduced a supply chain attack vector, because branch and tag contents might differ. Now the hashed worktree always corresponds to the tag that is GPG-verified.main
parent
806535d54f
commit
6b7aa566ef
Loading…
Reference in new issue