... | ... | @@ -1161,6 +1161,8 @@ OpenPGP verification on the control repository. If a hook checks that |
|
|
commits are signed by a trusted party, it does not matter where the
|
|
|
code is hosted.
|
|
|
|
|
|
A good reference for OpenPGP verification is [this guix article](https://guix.gnu.org/blog/2020/securing-updates/) which covers a few scenarios.
|
|
|
|
|
|
We could use the [webhook](https://github.com/voxpupuli/puppet_webhook) system to have GitLab notify the Puppet
|
|
|
server to pull code.
|
|
|
|
... | ... | |