1 |
On Sun, 27 Mar 2011 17:04:56 -0500 |
2 |
Jeremy Olexa <darkside@g.o> wrote: |
3 |
|
4 |
> > this is especially important for the people doing arch keywording |
5 |
> > since they make a ton of commits. i'm looking at you armin76. |
6 |
> |
7 |
> One thing I don't get amidst this whole conversation is why I should |
8 |
> sign a Manifest file when committing KEYWORDS or something equally as |
9 |
> trivial like deleting ebuilds. By signing the Manifest, I interpret |
10 |
> that as "yes, I committed this Manifest file and yes I trust every |
11 |
> hash in this Manifest file" when in reality, I have no clue if the |
12 |
> Manifest file is correct because I didn't inspect anything. |
13 |
> |
14 |
> Am I missing something? |
15 |
|
16 |
You sign, that you did this. More or less. The guy before you did the |
17 |
same. If there is an error all previous revisions of the tree are |
18 |
available and you can check, whose mistake it was. Nothing really |
19 |
changes, but I can check whether a gentoo dev committed the change and |
20 |
who it was (and that it was not anybody who hacked some rsync mirror). |
21 |
|
22 |
Philipp |
23 |
|
24 |
-- |