Re: Gnome Flatpak build system, descriptions and questions

From: Colin Walters <walters verbum org>
To: gnome-os-list gnome org
Subject: Re: Gnome Flatpak build system, descriptions and questions
Date: Sat, 27 Aug 2016 08:39:51 -0400

Hi,

On Fri, Aug 26, 2016, at 12:21 PM, Michael Catanzaro wrote:

On Fri, 2016-08-26 at 11:48 -0400, Shaun McCance wrote:

IIRC, git.gnome.org won't let you push an unsigned tag.


I've been doing it for a while, so it most certainly does! I don't see
value in signing our tags as (a) clearly nobody is checking the
signatures


I know you're a tarball person.  That' s OK, it's a legacy model that's
still very widespread.

But why would you try to actively discourage people from using the signature
infrastructure that's built into git?  It doesn't make sense to me.

FWIW, I do sign all my tags (using https://github.com/cgwalters/git-evtag even)
and the node.js people for example are using it:
https://github.com/nodejs/node/issues/7579

Github even displays signed tags more prominently now.  So,
yes, signed tags are used.

Key management is hard, but that's not new.

References:
- Gnome Flatpak build system, descriptions and questions
  - From: Alexander Larsson
- Re: Gnome Flatpak build system, descriptions and questions
  - From: Richard Hughes
- Re: Gnome Flatpak build system, descriptions and questions
  - From: Alexander Larsson
- Re: Gnome Flatpak build system, descriptions and questions
  - From: Michael Catanzaro
- Re: Gnome Flatpak build system, descriptions and questions
  - From: Alexander Larsson
- Re: Gnome Flatpak build system, descriptions and questions
  - From: Shaun McCance
- Re: Gnome Flatpak build system, descriptions and questions
  - From: Michael Catanzaro
- Re: Gnome Flatpak build system, descriptions and questions
  - From: Shaun McCance
- Re: Gnome Flatpak build system, descriptions and questions
  - From: Michael Catanzaro

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]