smimesign
git-ts
| smimesign | git-ts | |
|---|---|---|
| 2 | 2 | |
| 569 | 5 | |
| 0.5% | - | |
| 0.0 | 10.0 | |
| about 1 month ago | about 11 years ago | |
| Go | JavaScript | |
| MIT License | - |
Stars - the number of stars that a project has on GitHub. Growth - month over month growth in stars.
Activity is a relative number indicating how actively a project is being developed. Recent commits have higher weight than older ones.
For example, an activity of 9.0 indicates that a project is amongst the top 10% of the most actively developed projects that we are tracking.
smimesign
-
Signing Git Commits with Your SSH Key
I believe GitHub's smimesign can use RFC3161 timestamps:
How to specify a timestamp server
https://github.com/github/smimesign/issues/47
-
Gitsign
smimesign supports timestamping with a normal timestamp server, with a bit of extra effort. It would be cool if your tool could (at least optionally) do the same.
https://github.com/github/smimesign/issues/47#issuecomment-4...
git-ts
-
Gitsign
I wrote a tool a long time ago to publish a tree of git sha's to a neat non-distributed pre-blockchain that was being supported by the Linux Foundation, publictimestamp.org
https://github.com/rektide/git-ts
Alas frigging publictimestamp.krg was a pretty basic site which was fully dynically rendered. Nine of web.archive.org leaves any evidence of what the public timestamping (centralized) blockchain was anymore. Terrible bitrot, ironically for a.project that was all about preserving histor That's a real bite in the ass by irony!
-
Git Is a Blockchain
a long time ago i wrote https://github.com/rektide/git-ts , which posted git commit checksums to https://publictimestamp.org, which was a public service one could submit hashes to which would attest to them. hosted by linux foundation for a while. i really wish the website were still up to explain the project, even if it's offline. i loved having a way to say- yes, this commit is indeed from when it says it was.
there'a a ton of attestation stuff going on in cloud land these days, often under lofty objectives like "supply chain security".
What are some alternatives?
gitsign - Keyless Git signing using Sigstore
platform-samples - A public place for all platform sample projects.
cargo-vet - supply-chain security for Rust
community - Public feedback discussions for: GitHub Mobile, GitHub Discussions, GitHub Codespaces, GitHub Sponsors, GitHub Issues and more!
vouch - A multi-ecosystem package code review system.
opentimestamps-client - OpenTimestamps client
age - A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
git-blame-someone-else - Blame someone else for your bad code.