- serve as a personal memo to keep track of personal verified states of repositories that *I use* and briefly comment as far as I know their legitimacy
Note that by repository state I mean the actual state of a repository at a given commit id, so marking a repository at a given commit as verified doesn't mean that previous commits were also verified. Only the resulting state at the given commit id was verified.
The current trust level is defined as looking legitimate, I don't guarantee that to the best of my knowledge there isn't any security vulnerability.
Meta-informations related to a git, such as dependencies (not the legitimate aspect but the verified one), issues, pull requests..., aren't verified yet but may be in the future, if so it would be precised as such.
// - `VERIFIED_ONLY_OWN_COMMITS` (note that using this flag for repositories that aren't managed by the verifier requires verifier commits to be signed and to precise the fingerprint of his public key in this `README.md` for instance)