On Fri, 2016-08-26 at 10:17 -0500, Michael Catanzaro wrote: > On Fri, 2016-08-26 at 10:29 -0400, Shaun McCance wrote: > > > > Don't all maintainers already use signed tags for releases? > No. I used to do this, but stopped a couple years ago because it was > pointless. Nobody should trust my key, so why use it?
IIRC, git.gnome.org won't let you push an unsigned tag. I've been tagging releases since the days of CVS, because tags are useful. I thought everybody did. That still leaves the question: If the release team tags with a key we can all trust, how does the release team trust that the commit they tagged is the one the maintainer intended? -- Shaun _______________________________________________ gnome-os-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/gnome-os-list
