-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

On Thu, Mar 23, 2017 at 02:01:34AM -0400, Jean-Philippe Ouellet wrote:
> Hello,

Hello, Jean-Philippe,

> QubesOS/*/core3-devel branches sometimes have unsigned commits (from
> woju) at HEAD. [1] These also get merged into marmarek's remotes [2],
> still without signature.
> 
> I assume this is because there are other remotes / branches actually
> being used instead and tags are not propagating. Or does the automated
> signature verification workflow somehow break down in practice? Woju?
> Marmarek?

This is because I actually don't have my signing key in the same VM as the
development. Instead I use this [1] to sign my tags. I didn't write an
equivalent for making signed commits. Marek keeps his signing keys in the same
VM as the IDE, so he signs his commits using the usual git tools.

Also, marmarek has a somewhat elaborate script which generally pushes only his
own tags to his repo. This stems from the times when we also had a private git,
to which we pushed proprietary code (now we don't have one for common
components). Because he is the only one to push to QubesOS/* repos, those also
receive only marmarek's tags. There is one exception: core-admin/core3-devel,
which receives my tags using an automated script.

My tags are to be found in woju/* repos. Those usually work, until one of us
rebases or cherry-picks something, which happens from time to time.

> Anyway... my real question is what remotes & branches one should track
> now if one wishes to follow work on R4.0? (Ideally in a state which
> one can build a "working" system from for testing.) Marmarek posted a
> builder.conf some months ago [3], but I doubt it is being used to
> actually build anything since qubes-builder signature verification
> would fail.

There are five components which have active core3-devel branches:
BRANCH_core_admin = core3-devel
BRANCH_core_admin_linux = core3-devel
BRANCH_core_libvirt = core3-devel
BRANCH_installer_qubes_os = core3-devel
BRANCH_linux_utils = core3-devel

There are some other components which have had core3-devel branches which were
then merged to master branches.

As to which repos: Probably QubesOS, but if there is no core3-devel branch,
marmarek's. I only push if I have something new, so most of my repos
are outdated. I write mostly core-admin/core3-devel, so this is the most
current (and most volatile) branch of this component, but there is also a bot
which pushes the commits to QubesOS, and the pull requests happen there, so
you may skip my repos entirely, or only fetch tags from them.


[1] https://ftp.qubes-os.org/~woju/pub/qubes-rpc/git-stag
    https://ftp.qubes-os.org/~woju/pub/qubes-rpc/woju.GitSignTag
    https://ftp.qubes-os.org/~woju/pub/qubes-rpc/stag.png

- -- 
pozdrawiam / best regards       _.-._
Wojtek Porczyk               .-^'   '^-.
Invisible Things Lab         |'-.-^-.-'|
                             |  |   |  |
 I do not fear computers,    |  '-.-'  |
 I fear lack of them.        '-._ :  ,-'
    -- Isaac Asimov             `^-^-_>
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
