> On Jul 26, 2019, at 12:06 PM, Nathan Hartman <hartman.nat...@gmail.com> wrote: > >> On Fri, Jul 19, 2019 at 6:03 PM Daniel Shahaf <d...@daniel.shahaf.name> >> wrote: > >> Nathan Hartman wrote on Fri, 19 Jul 2019 17:32 +00:00: >> > I meant is there a script that generates the list of dependencies >> > actually used on the test system. E.g., as in this testing/signing >> > message from a prior release: >> > >> > https://svn.haxx.se/dev/archive-2019-04/0012.shtml >> > >> > Because even though I'm not signing, I'd like to report what was actually >> > used. >> >> There's 'svn --version --verbose', and I think stsp's distro >> (tools/dev/unix-build/) >> has a target for this too, but beyond that, I don't think there's a single >> script >> you can use. Many developers use Debian derivatives, though; perhaps one of >> them will share a script you can use. >> >> People usually report what test combinations they ran. (That basically >> means what FS backend and RA layer you tested. If you set any relevant >> 'make'- or 'make check'-time knobs, it's useful to say that, too.) >> >> Also, I can't think of a reason why you shouldn't sign the tarballs. >> >> Thanks for testing, >> >> Daniel > > Thanks. That does make it much easier to include the dependency info > for future tests. > > I was under the impression that a signature is only meaningful when the > signer is a committer. :-) > > Glad to help. Thanks to everyone for the latest Subversion releases!
The signature only counts as a binding vote for the release when it is from a committer but in terms of strengthening the web of trust we ought to accept a signature from anyone. Mark