commits – because <ahref="./docs/contributor_code_of_conduct.html#code-will-be-cryptographically-signed"target="_blank"title="Contributor Code of Conduct">cryptographic software is under attack</a> from NSA
entryists, and shills, who seek to introduce backdoors.</p>
<p>This may be inconvenient if you do not have <code>gpg</code> installed and set up.</p>
<p><code>.gitconfig</code> adds several git aliases:</p>
<oltype="1">
<li><code>git lg</code> to display the gpg trust information for the last four commits.
For this to be useful you need to import the repository public key
<code>public_key.gpg</code> into gpg, and locally sign that key.</li>
<li><code>git fixws</code> to standardise white space to the project standards</li>
<li><code>git graph</code> to graph the commit tree</li>
<li><code>git alias</code> to display the git aliases.</li>
<divclass="sourceCode"id="cb3"><preclass="sourceCode bash"><codeclass="sourceCode bash"><spanid="cb3-1"><ahref="#cb3-1"aria-hidden="true"tabindex="-1"></a><spanclass="co"># To verify that the signature on future pulls is unchanged.</span></span>
<spanid="cb3-4"><ahref="#cb3-4"aria-hidden="true"tabindex="-1"></a><spanclass="co"># We ignore the Gpg Web of Trust model and instead use</span></span>
<spanid="cb3-6"><ahref="#cb3-6"aria-hidden="true"tabindex="-1"></a><spanclass="co"># We use Gpg signatures to verify that remote repository</span></span>
<spanid="cb3-7"><ahref="#cb3-7"aria-hidden="true"tabindex="-1"></a><spanclass="co"># code is coming from an unchanging entity, not for</span></span>
<spanid="cb3-8"><ahref="#cb3-8"aria-hidden="true"tabindex="-1"></a><spanclass="co"># Gpg Web of Trust. Web of Trust is too complicated</span></span>
<spanid="cb3-9"><ahref="#cb3-9"aria-hidden="true"tabindex="-1"></a><spanclass="co"># and too user hostile to be workable or safe.</span></span>
<spanid="cb3-10"><ahref="#cb3-10"aria-hidden="true"tabindex="-1"></a><spanclass="co"># Never --sign any Gpg key related to this project. --lsign it.</span></span>
<spanid="cb3-11"><ahref="#cb3-11"aria-hidden="true"tabindex="-1"></a><spanclass="co"># Never check any Gpg key related to this project against a</span></span>
<spanid="cb3-12"><ahref="#cb3-12"aria-hidden="true"tabindex="-1"></a><spanclass="co"># public gpg key repository. It should not be there.</span></span>
<spanid="cb3-13"><ahref="#cb3-13"aria-hidden="true"tabindex="-1"></a><spanclass="co"># Never use any email address on a gpg key related to this project</span></span>
<spanid="cb3-14"><ahref="#cb3-14"aria-hidden="true"tabindex="-1"></a><spanclass="co"># unless it is only used for project purposes, or a fake email,</span></span>