Re: [gentoo-dev] Git, GPG Signing, and Manifests

2015-07-17 Thread Brian Dolbec
On Fri, 17 Jul 2015 08:50:43 -0400 Rich Freeman wrote: > On Fri, Jul 17, 2015 at 8:36 AM, Rich Freeman > wrote: > > On Fri, Jul 17, 2015 at 12:42 AM, Brian Dolbec > > wrote: > >> > >> I don't know tbh, most are already signed, with the git migration, > >> the strongly recommended commit signing

Re: [gentoo-dev] Git, GPG Signing, and Manifests

2015-07-17 Thread Brian Dolbec
On Fri, 17 Jul 2015 08:36:25 -0400 Rich Freeman wrote: > On Fri, Jul 17, 2015 at 12:42 AM, Brian Dolbec > wrote: > > > > I don't know tbh, most are already signed, with the git migration, > > the strongly recommended commit signing will become MANDATORY. > > > > So, we are at 50 devs with valid

Re: [gentoo-dev] Git, GPG Signing, and Manifests

2015-07-17 Thread Rich Freeman
On Fri, Jul 17, 2015 at 8:36 AM, Rich Freeman wrote: > On Fri, Jul 17, 2015 at 12:42 AM, Brian Dolbec wrote: >> >> I don't know tbh, most are already signed, with the git migration, the >> strongly recommended commit signing will become MANDATORY. >> >> So, we are at 50 devs with valid gpg keys n

Re: [gentoo-dev] Git, GPG Signing, and Manifests

2015-07-17 Thread Alon Bar-Lev
On 17 July 2015 at 15:36, Rich Freeman wrote: > On Fri, Jul 17, 2015 at 12:42 AM, Brian Dolbec wrote: >> >> I don't know tbh, most are already signed, with the git migration, the >> strongly recommended commit signing will become MANDATORY. >> >> So, we are at 50 devs with valid gpg keys now, wit

Re: [gentoo-dev] Git, GPG Signing, and Manifests

2015-07-17 Thread Rich Freeman
On Fri, Jul 17, 2015 at 12:42 AM, Brian Dolbec wrote: > > I don't know tbh, most are already signed, with the git migration, the > strongly recommended commit signing will become MANDATORY. > > So, we are at 50 devs with valid gpg keys now, with 200 more gpg keys > listed in LDAP that fail to meet

Re: Verification of installed packages (was Re: OpenPGP verification (was Re: [gentoo-dev] Git, GPG Signing, and Manifests))

2015-07-17 Thread Kent Fredric
On 17 July 2015 at 22:34, Andrew Savchenko wrote: > 2. Add an optional feature to emerge (or even to PMS?) allowing user > to provide a usable GPG key for signing packages CONTENTS files > after its generation. In order for such key to be usable during > emerge run, gpg-agent should be used; alter

Verification of installed packages (was Re: OpenPGP verification (was Re: [gentoo-dev] Git, GPG Signing, and Manifests))

2015-07-17 Thread Andrew Savchenko
Hi, On Fri, 17 Jul 2015 10:18:14 +0200 Kristian Fiskerstrand wrote: > > Additionally, I feel that a signature is a means of acknowledging > > that a package has been looked over, and that developer has stated > > that they approve of the existing state. I'm not sure if others > > agree with that

Re: OpenPGP verification (was Re: [gentoo-dev] Git, GPG Signing, and Manifests)

2015-07-17 Thread Kristian Fiskerstrand
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 07/17/2015 11:48 AM, hasufell wrote: > On 07/17/2015 10:18 AM, Kristian Fiskerstrand wrote: >> On 07/17/2015 03:13 AM, NP-Hardass wrote: >> >>> Additionally, I feel that a signature is a means of >>> acknowledging that a package has been looked o

Re: OpenPGP verification (was Re: [gentoo-dev] Git, GPG Signing, and Manifests)

2015-07-17 Thread hasufell
On 07/17/2015 10:18 AM, Kristian Fiskerstrand wrote: > On 07/17/2015 03:13 AM, NP-Hardass wrote: > >> Additionally, I feel that a signature is a means of acknowledging >> that a package has been looked over, and that developer has stated >> that they approve of the existing state. I'm not sure if

OpenPGP verification (was Re: [gentoo-dev] Git, GPG Signing, and Manifests)

2015-07-17 Thread Kristian Fiskerstrand
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On 07/17/2015 03:13 AM, NP-Hardass wrote: > Additionally, I feel that a signature is a means of acknowledging > that a package has been looked over, and that developer has stated > that they approve of the existing state. I'm not sure if others > a

Re: [gentoo-dev] Git, GPG Signing, and Manifests

2015-07-16 Thread Brian Dolbec
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Thu, 16 Jul 2015 23:06:03 -0400 NP-Hardass wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > On 07/16/2015 09:25 PM, Brian Dolbec wrote: > > On Thu, 16 Jul 2015 21:13:09 -0400 NP-Hardass > > wrote: > > > >> -----BEGIN PGP SIGNED

Re: [gentoo-dev] Git, GPG Signing, and Manifests

2015-07-16 Thread NP-Hardass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 07/16/2015 09:25 PM, Kent Fredric wrote: > On 17 July 2015 at 13:13, NP-Hardass > wrote: >> Additionally, I feel that a signature is a means of acknowledging >> that a package has been looked over, and that developer has >> stated that they appro

Re: [gentoo-dev] Git, GPG Signing, and Manifests

2015-07-16 Thread NP-Hardass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 On 07/16/2015 09:25 PM, Brian Dolbec wrote: > On Thu, 16 Jul 2015 21:13:09 -0400 NP-Hardass > wrote: > >> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 > >> Not sure if this has been covered in some of the rather long >> chains of late, but I wa

Re: [gentoo-dev] Git, GPG Signing, and Manifests

2015-07-16 Thread Brian Dolbec
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Thu, 16 Jul 2015 21:13:09 -0400 NP-Hardass wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Not sure if this has been covered in some of the rather long chains of > late, but I was thinking about GPG signing, and how the proposed

Re: [gentoo-dev] Git, GPG Signing, and Manifests

2015-07-16 Thread Kent Fredric
On 17 July 2015 at 13:13, NP-Hardass wrote: > Additionally, I feel that a signature is a means of acknowledging that > a package has been looked over, and that developer has stated that > they approve of the existing state That much is somewhat implied by a developer owning a commit. Because in

[gentoo-dev] Git, GPG Signing, and Manifests

2015-07-16 Thread NP-Hardass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Not sure if this has been covered in some of the rather long chains of late, but I was thinking about GPG signing, and how the proposed workflow requires every developer to sign their commits. Currently, it's advised that every manifest be signed.