On Sat, May 19, 2018 at 4:14 PM, Bruno Haible <br...@clisp.org> wrote: > Hi Jim, > >> The only thing I would have done differently would be to add >> "FIXME-2020" or similar to your comment > > Why 2020? I wrote: > > Ubuntu 2016.04 (which is supported until April 2021, > that is, 3 years from now), has `gpg --version` = 1.x. > > So, if it's supported until April 2021, you can assume some users will use > it until 2025. In order to not gratuitously hurt these users, I would suggest > keep this code until at least 2025.
Hi Bruno, This is a tool by which one uploads signed tarballs to (usually) GNU servers, presumably for mass distribution. As such, I think we are justified in holding packagers/uploaders to a higher standard. At the very least, we should feel justified in expecting that an uploader run on a reasonably secure system: i.e., one that is still being maintained. That said, you're welcome to change the comment however you'd like. Thanks for all your help, Jim
