On 21 September 2014 09:18, hasufell <hasuf...@gentoo.org> wrote: > Kent Fredric: > > > > He is proposing quite the opposite. He's saying "git is not secure in > this > > way, but lets not let that stop us, migrate and fix that after the fact > or > > we'll never get around to it, because all this debate is the perfect > being > > the enemy of the good". > > > > I didn't see him saying that. It rather sounds like we want to have > thick signed Manifests and break pull requests and whatnot. >
<<< I'm personally in the camp that I'd rather see ANY git migration happen sooner rather than later and I'd rather migrate first and then fix any signature issues later. Simple gpg signed commits secured only with sha1 seems good enough to start with. -- Rich >>> -- Kent *KENTNL* - https://metacpan.org/author/KENTNL
