Re: Gnome Flatpak build system, descriptions and questions
- From: Alexander Larsson <alexl redhat com>
- To: Debarshi Ray <rishi is lostca se>, Michael Catanzaro <mcatanzaro gnome org>
- Cc: "gnome-os-list gnome org" <gnome-os-list gnome org>, desktop-devel-list <desktop-devel-list gnome org>
- Subject: Re: Gnome Flatpak build system, descriptions and questions
- Date: Tue, 30 Aug 2016 14:34:17 +0200
On lör, 2016-08-27 at 17:53 +0000, Debarshi Ray wrote:
Hey,
On Fri, Aug 26, 2016 at 10:17:04AM -0500, Michael Catanzaro wrote:
No. I used to do this, but stopped a couple years ago because it
was
pointless. Nobody should trust my key, so why use it?
Why shouldn't anybody trust my key if it has been signed by other
members of the community?
By the way, I have always signed my tags (using git tag -s), and I
don't think I am the only one. :) eg., gnome-keyring tags are often
signed. The only exceptions have been when I had to urgently make a
release from a machine that didn't have my GPG key, but those
occasions have been exceedingly rare.
Clearly this doesn't hurt. However, its also not something that
currently happens regularly enough that we can use it in automatic
tooling. This is the problem I have with the current setup.
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Alexander Larsson Red Hat, Inc
alexl redhat com alexander larsson gmail com
He's an old-fashioned overambitious boxer on a mission from God. She's an
elegant psychic single mother from Mars. They fight crime!
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
