Hi, everyone. I'm working on improving OpenPGP commit verification on Infra end. The changes so far shouldn't visibly affect developers whose accounts are configured correctly. However, if you have trouble pushing, please contact me (or other Infra members) immediately to investigate.
The changes so far are: 1. We've switched to a new model for fetching and propagating keys within Infra. This means that your key updates should be propagated faster now (within 2 hours + keyserver propagation time). Hopefully, this also means revocations will be noticed much faster. 2. We're enabling pairing keys with developers (the way gkeys is supposed to work). It means that gitolite will now check that the key used to sign commits actually belongs to the developer performing the push. -- Best regards, Michał Górny
signature.asc
Description: This is a digitally signed message part
