On 12/13/2015 07:50 PM, Andrew Savchenko wrote: > Hi, > > On Sun, 13 Dec 2015 18:38:55 +0100 Patrick Lauer wrote: >> On 12/13/2015 06:36 PM, Patrick Lauer wrote: >>> So apparently we're signing things with gpg now >> And a related question: >> >> How would I actually verify the signatures in a meaningful way? > git log --show-signature does this using GnuPG. That's not very automated or effective. I'd assume 'emerge' has such functionality included ...? > > Of course, in order to gpg to work one have to mark dev keys as > trusted, they can be verified using ldap or several public > keyservers. LDAP is more reliable, of course, but this method works > only for devs (and probably some stuff members) having an access > here. That's what the app-crypt/gkeys thing is for, as far as I can tell.
- [gentoo-dev] repo/gentoo.git, or how committing is challe... Patrick Lauer
- Re: [gentoo-dev] repo/gentoo.git, or how committing ... Patrick Lauer
- Re: [gentoo-dev] repo/gentoo.git, or how committ... Andrew Savchenko
- Re: [gentoo-dev] repo/gentoo.git, or how com... Patrick Lauer
- Re: [gentoo-dev] repo/gentoo.git, or how committing ... Andrew Savchenko
- Re: [gentoo-dev] repo/gentoo.git, or how committ... Mike Gilbert
- Re: [gentoo-dev] repo/gentoo.git, or how com... Andrew Savchenko
- Re: [gentoo-dev] repo/gentoo.git, or how committ... Brian Dolbec
- Re: [gentoo-dev] repo/gentoo.git, or how com... Daniel Campbell
- Re: [gentoo-dev] repo/gentoo.git, or how com... Patrick Lauer
- Re: [gentoo-dev] repo/gentoo.git, or how... Mike Gilbert
- Re: [gentoo-dev] repo/gentoo.git, or how... Peter Stuge
- [gentoo-dev] Re: repo/gentoo.git, or how com... Ryan Hill
- Re: [gentoo-dev] Re: repo/gentoo.git, or... Peter Stuge
