The commits aren't gpg signed though? The verified thing seems to be some weird gitlab stuff.
eg if you clone that repo, and run
git log --show-signature 34299510b
git says the commit is unsigned.
That said, I have been able to find clones of the youtube-dl repo elsewhere with HEAD 416da574e, and the 3 commits the gitlab repo adds on top of that seem innocuous.
eg if you clone that repo, and run
git says the commit is unsigned.That said, I have been able to find clones of the youtube-dl repo elsewhere with HEAD 416da574e, and the 3 commits the gitlab repo adds on top of that seem innocuous.
just shows a regex fix and then version bumps.