1 |
On Wed, 15 Apr 2015 11:06:22 +0200 Michał Górny wrote: |
2 |
> Dnia 2015-04-15, o godz. 11:59:12 |
3 |
> Andrew Savchenko <bircoph@g.o> napisał(a): |
4 |
> |
5 |
> > Hi, |
6 |
> > |
7 |
> > why manifest signatures are still optional for repoman? |
8 |
> > |
9 |
> > Repoman signatures are currently optional and this creates nasty |
10 |
> > consequences: if signing errors occurs, repoman still proceeds :/ |
11 |
> > |
12 |
> > I just had a phone call during repoman commit and was not able to |
13 |
> > type my password. Due to gpg-agent timeout repoman completed commit |
14 |
> > without a signature :( Should signatures be mandatory, repoman will |
15 |
> > bail out on such conditions and devs can recommit again safely. |
16 |
> |
17 |
> This is problem with the CVS two-commit procedure. The only solution is |
18 |
> to stop using CVS keywords which people don't want to do because THEY |
19 |
> ARE SO VERY USEFUL. |
20 |
> |
21 |
> Or make repoman do first commit without Manifest, so instead of |
22 |
> unsigned Manifest you'd have Manifest failure. |
23 |
|
24 |
Is there any way to commit manifest first, then the rest of the |
25 |
files? Of course there may be a network failure in-between, but |
26 |
this should easily fixable with one more repoman commit run. |
27 |
|
28 |
|
29 |
Best regards, |
30 |
Andrew Savchenko |