Ok cool. I was jumping to conclusions. :P My bad...
*Will STEVENS*
Lead Developer
*CloudOps* *| *Cloud Solutions Experts
420 rue Guy *|* Montreal *|* Quebec *|* H3J 1S6
w cloudops.com *|* tw @CloudOps_
On Wed, Apr 6, 2016 at 5:08 PM, Wido den Hollander wrote:
>
> > Op 6
> Op 6 april 2016 om 19:16 schreef Will Stevens :
>
>
> yes, for now. this is something I want to work towards, but we have to be
> patent and go one step at a time.
>
Yes. I never meant this to be implemented right now.
For me it seemed like a good thing so that we
yes, for now. this is something I want to work towards, but we have to be
patent and go one step at a time.
*Will STEVENS*
Lead Developer
*CloudOps* *| *Cloud Solutions Experts
420 rue Guy *|* Montreal *|* Quebec *|* H3J 1S6
w cloudops.com *|* tw @CloudOps_
On Wed, Apr 6, 2016 at 1:06 PM, Daan
On Wed, Apr 6, 2016 at 6:58 PM, Will Stevens wrote:
> but we have to work with the ASF
so we can not go there tomorrow but maybe the day after. Both we and the
foundation want signed commits so in the end we can be using github for
this as well. As long as there is no
I am just trying to make sure we are all clear on what we are trying to
achieve.
No, we do not have committer access via Github, and in order for us to be
able to make the move the 'apache-cloudstack' org, we will need to keep it
that way (at least for now). I am still working on getting this to
Ah, ok
I had forgotten that, my bad.
On Wed, Apr 6, 2016 at 12:39 PM, Daan Hoogland
wrote:
> On Wed, Apr 6, 2016 at 5:37 PM, Rafael Weingärtner <
> rafaelweingart...@gmail.com> wrote:
>
>> Sorry, but I did not understand. We do not have commit access to Github,
>>
On Wed, Apr 6, 2016 at 5:37 PM, Rafael Weingärtner <
rafaelweingart...@gmail.com> wrote:
> Sorry, but I did not understand. We do not have commit access to Github,
> right?
>
I think we are talking about the new to be cloudstack organisation, right
@Will?
>
> On Wed, Apr 6, 2016 at 12:35
Sorry, but I did not understand. We do not have commit access to Github,
right?
On Wed, Apr 6, 2016 at 12:35 PM, Daan Hoogland
wrote:
> hm, no ;) We can control access to the organisation right? so we can close
> it for committers that don't have a valid key. We just
hm, no ;) We can control access to the organisation right? so we can close
it for committers that don't have a valid key. We just need to think of a
procedure for checking and registration.
On Wed, Apr 6, 2016 at 5:33 PM, Will Stevens wrote:
> Yes, I agree with both of
Yes, I agree with both of you. Maybe I am not being clear. My point is
only that we can't allow commit access on Github because then we can not
limit it to only valid committers who COULD commit. Is that clearer?
*Will STEVENS*
Lead Developer
*CloudOps* *| *Cloud Solutions Experts
420 rue Guy
I agree with Daan.
On Wed, Apr 6, 2016 at 11:42 AM, Daan Hoogland
wrote:
> Will, we only need to be sure about the key's of committers. Only merge
> commits we need to be sure of the signature and the merger needs to be
> verify the code. He can not assure that the
Will, we only need to be sure about the key's of committers. Only merge
commits we need to be sure of the signature and the merger needs to be
verify the code. He can not assure that the origin of the code is authentic
but he can at least assure that the code is unchanged since contribution
when
Ok, that is half. But how do we verify that a Github user has a GPG key
that is matching what is registered in the ASF? Just because you have a
GPG key does not mean you are an ASF committer, so the check would have to
be made to verify the GPG is registered to an ASF committer before they
would
There is a way to do that. When you become a committer, you can register a
key at [1], then that key (public key) is loaded to [2]. The key is
associated with the committer’s login. For instance, this is my public key
[3].
[1] id.apache.org
[2] https://people.apache.org/keys/committer/
[3]
I don't think it is quite this simple. There would have to be a way for
the GPG key to be associated with a specific ASF identity and I don't think
that is in place at this time. Also, there would have to be verification
that the person who is committing has a GPG key AND that they are a
On Wed, Apr 6, 2016 at 11:00 AM, Wido den Hollander wrote:
>
> > Op 6 april 2016 om 10:50 schreef Daan Hoogland >:
> >
> >
> > Good reading for the Wednesday morning;) yes I think we need to go there
> > and maybe even ask it of our contributors.
> >
>
> Op 6 april 2016 om 10:50 schreef Daan Hoogland :
>
>
> Good reading for the Wednesday morning;) yes I think we need to go there
> and maybe even ask it of our contributors.
>
It might please the ASF since we can now prove who made the commit. If we ask
all
Good reading for the Wednesday morning;) yes I think we need to go there
and maybe even ask it of our contributors.
On Wed, Apr 6, 2016 at 9:28 AM, Wido den Hollander wrote:
> Hi,
>
> Github just added [0] support for verifying GPG signatures of Git commits
> to the
> web
Hi,
Github just added [0] support for verifying GPG signatures of Git commits to the
web interface.
Under the settings page [1] you can now add your public GPG key so Github can
verify it.
It's rather simple:
$ gpg --armor --export w...@widodh.nl
That gave me my public key which I could
19 matches
Mail list logo