Re: Gnome Flatpak build system, descriptions and questions

From: Tomasz Torcz <tomek pipebreaker pl>
To: desktop-devel-list gnome org
Subject: Re: Gnome Flatpak build system, descriptions and questions
Date: Fri, 26 Aug 2016 17:55:29 +0200

On Fri, Aug 26, 2016 at 11:48:58AM -0400, Shaun McCance wrote:

On Fri, 2016-08-26 at 10:17 -0500, Michael Catanzaro wrote:

On Fri, 2016-08-26 at 10:29 -0400, Shaun McCance wrote:


Don't all maintainers already use signed tags for releases?

No. I used to do this, but stopped a couple years ago because it was
pointless. Nobody should trust my key, so why use it?


IIRC, git.gnome.org won't let you push an unsigned tag. I've been
tagging releases since the days of CVS, because tags are useful. I
thought everybody did.

That still leaves the question: If the release team tags with a key we
can all trust, how does the release team trust that the commit they
tagged is the one the maintainer intended?


 Aren't you confused? Tagging and signing (presumably signing a tag) are
two separate actions.

-- 
Tomasz Torcz              ,,If you try to upissue this patchset I shall be seeking
xmpp: zdzichubg chrome pl   an IP-routable hand grenade.'' -- Andrew Morton (LKML)

References:
- Gnome Flatpak build system, descriptions and questions
  - From: Alexander Larsson
- Re: Gnome Flatpak build system, descriptions and questions
  - From: Richard Hughes
- Re: Gnome Flatpak build system, descriptions and questions
  - From: Alexander Larsson
- Re: Gnome Flatpak build system, descriptions and questions
  - From: Michael Catanzaro
- Re: Gnome Flatpak build system, descriptions and questions
  - From: Alexander Larsson
- Re: Gnome Flatpak build system, descriptions and questions
  - From: Shaun McCance
- Re: Gnome Flatpak build system, descriptions and questions
  - From: Michael Catanzaro
- Re: Gnome Flatpak build system, descriptions and questions
  - From: Shaun McCance

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]