On Mon, Jun 4, 2012 at 10:41 PM, Brian Harring <ferringb@...> wrote:
> The dev, prior to signing that, should be verifying what they're
> adding (moreso, what exists between last signed rev and theirs), they
> agree to and know of. Specifically, they're asserting their addition.
What Rich is arguing (and which I think makes some sense) is that
people will probably not be inclined to verify the signature of the
tree they just pulled from gentoo-x86. We can't really force them too,
since it happens on their own machine.
Still, I think we should drop this discussion for now.