Re: Gnome Flatpak build system, descriptions and questions

On lör, 2016-08-27 at 17:53 +0000, Debarshi Ray wrote:

On Fri, Aug 26, 2016 at 10:17:04AM -0500, Michael Catanzaro wrote:

No. I used to do this, but stopped a couple years ago because it
pointless. Nobody should trust my key, so why use it?
Why shouldn't anybody trust my key if it has been signed by other
members of the community?

By the way, I have always signed my tags (using git tag -s), and I
don't think I am the only one. :) eg., gnome-keyring tags are often
signed. The only exceptions have been when I had to urgently make a
release from a machine that didn't have my GPG key, but those
occasions have been exceedingly rare.

Clearly this doesn't hurt. However, its also not something that
currently happens regularly enough that we can use it in automatic
tooling. This is the problem I have with the current setup.

 Alexander Larsson                                            Red Hat, Inc 
       alexl redhat com            alexander larsson gmail com 
He's an old-fashioned overambitious boxer on a mission from God. She's an 
elegant psychic single mother from Mars. They fight crime! 

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]