On Fri, Jul 17, 2015 at 12:42 AM, Brian Dolbec dol...@gentoo.org wrote:
I don't know tbh, most are already signed, with the git migration, the
strongly recommended commit signing will become MANDATORY.
So, we are at 50 devs with valid gpg keys now, with 200 more gpg keys
listed in LDAP that
On 17 July 2015 at 15:36, Rich Freeman ri...@gentoo.org wrote:
On Fri, Jul 17, 2015 at 12:42 AM, Brian Dolbec dol...@gentoo.org wrote:
I don't know tbh, most are already signed, with the git migration, the
strongly recommended commit signing will become MANDATORY.
So, we are at 50 devs with
On Fri, Jul 17, 2015 at 8:36 AM, Rich Freeman ri...@gentoo.org wrote:
On Fri, Jul 17, 2015 at 12:42 AM, Brian Dolbec dol...@gentoo.org wrote:
I don't know tbh, most are already signed, with the git migration, the
strongly recommended commit signing will become MANDATORY.
So, we are at 50
On Fri, 17 Jul 2015 08:36:25 -0400
Rich Freeman ri...@gentoo.org wrote:
On Fri, Jul 17, 2015 at 12:42 AM, Brian Dolbec dol...@gentoo.org
wrote:
I don't know tbh, most are already signed, with the git migration,
the strongly recommended commit signing will become MANDATORY.
So, we are
On Fri, 17 Jul 2015 08:50:43 -0400
Rich Freeman ri...@gentoo.org wrote:
On Fri, Jul 17, 2015 at 8:36 AM, Rich Freeman ri...@gentoo.org
wrote:
On Fri, Jul 17, 2015 at 12:42 AM, Brian Dolbec dol...@gentoo.org
wrote:
I don't know tbh, most are already signed, with the git migration,
the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 07/17/2015 03:13 AM, NP-Hardass wrote:
Additionally, I feel that a signature is a means of acknowledging
that a package has been looked over, and that developer has stated
that they approve of the existing state. I'm not sure if others
Hi,
On Fri, 17 Jul 2015 10:18:14 +0200 Kristian Fiskerstrand wrote:
Additionally, I feel that a signature is a means of acknowledging
that a package has been looked over, and that developer has stated
that they approve of the existing state. I'm not sure if others
agree with that
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On 07/17/2015 11:48 AM, hasufell wrote:
On 07/17/2015 10:18 AM, Kristian Fiskerstrand wrote:
On 07/17/2015 03:13 AM, NP-Hardass wrote:
Additionally, I feel that a signature is a means of
acknowledging that a package has been looked over, and
On 07/17/2015 10:18 AM, Kristian Fiskerstrand wrote:
On 07/17/2015 03:13 AM, NP-Hardass wrote:
Additionally, I feel that a signature is a means of acknowledging
that a package has been looked over, and that developer has stated
that they approve of the existing state. I'm not sure if others
On 17 July 2015 at 22:34, Andrew Savchenko birc...@gentoo.org wrote:
2. Add an optional feature to emerge (or even to PMS?) allowing user
to provide a usable GPG key for signing packages CONTENTS files
after its generation. In order for such key to be usable during
emerge run, gpg-agent should
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/16/2015 09:25 PM, Kent Fredric wrote:
On 17 July 2015 at 13:13, NP-Hardass np-hard...@gentoo.org
wrote:
Additionally, I feel that a signature is a means of acknowledging
that a package has been looked over, and that developer has
stated
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Thu, 16 Jul 2015 23:06:03 -0400
NP-Hardass np-hard...@gentoo.org wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/16/2015 09:25 PM, Brian Dolbec wrote:
On Thu, 16 Jul 2015 21:13:09 -0400 NP-Hardass
np-hard...@gentoo.org
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 07/16/2015 09:25 PM, Brian Dolbec wrote:
On Thu, 16 Jul 2015 21:13:09 -0400 NP-Hardass
np-hard...@gentoo.org wrote:
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256
Not sure if this has been covered in some of the rather long
chains of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Thu, 16 Jul 2015 21:13:09 -0400
NP-Hardass np-hard...@gentoo.org wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Not sure if this has been covered in some of the rather long chains of
late, but I was thinking about GPG signing, and
On 17 July 2015 at 13:13, NP-Hardass np-hard...@gentoo.org wrote:
Additionally, I feel that a signature is a means of acknowledging that
a package has been looked over, and that developer has stated that
they approve of the existing state
That much is somewhat implied by a developer owning a
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Not sure if this has been covered in some of the rather long chains of
late, but I was thinking about GPG signing, and how the proposed
workflow requires every developer to sign their commits. Currently,
it's advised that every manifest be signed.
16 matches
Mail list logo