Comment by Sergey Ponomarev on What is the point in signing tags in git?
@Abhisek the commit hash doesn't verify who made the commit. Someone else may add a commit to your repo with your name. But if you signed with your key that only you have then anyone else can verify it...
View ArticleAnswer by Sergey Ponomarev for How do I verify that an Android apk is signed...
You can do this right on a phone with the App Manager.In a Files long tap on the apk file and press / Options / Open With / App Manager: About. Then on the Signatures tab you'll find a list of all...
View ArticleAnswer by Sergey Ponomarev for zip non-deterministic result in linux
Sample host to deterministically archive folder to .zip and remove the folder:reproducible_zip() { src_folder=$1 TZ=UTC find . -exec touch --no-dereference -a -m -t 198002010000.00 {} + TZ=UTC zip -q...
View ArticleAnswer by Sergey Ponomarev for Sorting domain names
Here is a sample of sorting domains in Golang:func Test_SortDomain(t *testing.T) { domains := []string{"a.com", "b.com", "a.a.org", "a.org", "b.a.com"} slices.SortFunc(domains, CompareDomain)...
View ArticleAnswer by Sergey Ponomarev for Return time from a NTP server signed by its...
There is Network Time Security (NTS) but what you need is probably Roughtime https://developers.cloudflare.com/time-services/roughtime/It allows to have a signed time.There is also Time stampprotocol...
View Article