id	summary	reporter	owner	description	type	status	priority	milestone	component	resolution	keywords	cc	parents
787	Instructions should include a recommendation that users check signatures	anongoblin		"On http://mediagoblin.readthedocs.org/en/v0.5.1/siteadmin/deploying.html , the instructions for deploying mediagoblin itself are:

{{{
git clone git://gitorious.org/mediagoblin/mediagoblin.git
cd mediagoblin
git submodule init && git submodule update
}}}

It would probably be a good idea to recommend that users make sure that they're getting the real mediagoblin code, and not a trojan or something.  One part of doing that would be to point them at the https URL (see #786), but since tags are signed, it might be a good idea to include instructions for checking signed tags too."	defect	closed	major	1.0	documentation	fixed		Alex Jordan