| 1 |
On Sun, 27 Mar 2011 17:04:56 -0500 |
| 2 |
Jeremy Olexa <darkside@g.o> wrote: |
| 3 |
|
| 4 |
> > this is especially important for the people doing arch keywording |
| 5 |
> > since they make a ton of commits. i'm looking at you armin76. |
| 6 |
> |
| 7 |
> One thing I don't get amidst this whole conversation is why I should |
| 8 |
> sign a Manifest file when committing KEYWORDS or something equally as |
| 9 |
> trivial like deleting ebuilds. By signing the Manifest, I interpret |
| 10 |
> that as "yes, I committed this Manifest file and yes I trust every |
| 11 |
> hash in this Manifest file" when in reality, I have no clue if the |
| 12 |
> Manifest file is correct because I didn't inspect anything. |
| 13 |
> |
| 14 |
> Am I missing something? |
| 15 |
|
| 16 |
You sign, that you did this. More or less. The guy before you did the |
| 17 |
same. If there is an error all previous revisions of the tree are |
| 18 |
available and you can check, whose mistake it was. Nothing really |
| 19 |
changes, but I can check whether a gentoo dev committed the change and |
| 20 |
who it was (and that it was not anybody who hacked some rsync mirror). |
| 21 |
|
| 22 |
Philipp |
| 23 |
|
| 24 |
-- |
Archives