Re: Gnome Flatpak build system, descriptions and questions
- From: Bastien Nocera <hadess hadess net>
- To: Shaun McCance <shaunm gnome org>, Michael Catanzaro <mcatanzaro gnome org>, Alexander Larsson <alexl redhat com>, Richard Hughes <hughsient gmail com>
- Cc: "gnome-os-list gnome org" <gnome-os-list gnome org>, desktop-devel-list <desktop-devel-list gnome org>
- Subject: Re: Gnome Flatpak build system, descriptions and questions
- Date: Fri, 26 Aug 2016 18:26:04 +0200
On Fri, 2016-08-26 at 11:48 -0400, Shaun McCance wrote:
On Fri, 2016-08-26 at 10:17 -0500, Michael Catanzaro wrote:
On Fri, 2016-08-26 at 10:29 -0400, Shaun McCance wrote:
Don't all maintainers already use signed tags for releases?
No. I used to do this, but stopped a couple years ago because it
was
pointless. Nobody should trust my key, so why use it?
IIRC, git.gnome.org won't let you push an unsigned tag.
Not sure whether we're talking about the same thing, but I never signed
any tags, or releases for GNOME.
I've been
tagging releases since the days of CVS, because tags are useful. I
thought everybody did.
That still leaves the question: If the release team tags with a key
we
can all trust, how does the release team trust that the commit they
tagged is the one the maintainer intended?
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]