On Fri, 2020-07-03 at 09:56 +0200, Daniel Veillard wrote:
>   Half a day late, but I pushed the 6.5.0 release out, it is as usual
> available as a signed tarball and source rpms from the server:
> 
> https://libvirt.org/sources/
> 
> I also tagged and pushed the 6.5.0 python bindings that one can find at
> 
> https://libvirt.org/sources/python/
> 
> This release includes a number of new features and some improvement,
> as well as a crash which had made its way in 6.4.0.
> It will also be my last release of libvirt after close to 15 years,
> so expect new releases to be signed by Jiri Denemark from now on.

Hi Daniel,

unfortunately the way the handover of release responsibilities was
handled is not considered up to scratch for at least one downstream
community, Arch Linux.

More specifically, since no formal trust path between your PGP key
and Jiri's has been established, the Arch maintainers are not
comfortable updating the package past 6.5.0. The situation has been
in a standstill for several months now, and Arch users are
increasingly suffering from it. See [1] and following comments for
more details on this.

Can you and Jiri (CC'd) please get in touch and arrange for his key
to be signed with yours, so that a proper trust path is established?
I would really love to see this resolved once and for all.

Thanks in advance to both of you!


[1] https://bugs.archlinux.org/task/67921#comment193381
-- 
Andrea Bolognani / Red Hat / Virtualization

Reply via email to