Re: Gnome Flatpak build system, descriptions and questions
- From: Colin Walters <walters verbum org>
- To: gnome-os-list gnome org
- Subject: Re: Gnome Flatpak build system, descriptions and questions
- Date: Sat, 27 Aug 2016 08:39:51 -0400
Hi,
On Fri, Aug 26, 2016, at 12:21 PM, Michael Catanzaro wrote:
On Fri, 2016-08-26 at 11:48 -0400, Shaun McCance wrote:
IIRC, git.gnome.org won't let you push an unsigned tag.
I've been doing it for a while, so it most certainly does! I don't see
value in signing our tags as (a) clearly nobody is checking the
signatures
I know you're a tarball person. That' s OK, it's a legacy model that's
still very widespread.
But why would you try to actively discourage people from using the signature
infrastructure that's built into git? It doesn't make sense to me.
FWIW, I do sign all my tags (using https://github.com/cgwalters/git-evtag even)
and the node.js people for example are using it:
https://github.com/nodejs/node/issues/7579
Github even displays signed tags more prominently now. So,
yes, signed tags are used.
Key management is hard, but that's not new.
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]