| 1 |
On Tue, Oct 05, 2010 at 05:49:31PM -0700, Zac Medico wrote: |
| 2 |
> On 10/05/2010 05:26 PM, Robin H. Johnson wrote: |
| 3 |
> > On Tue, Oct 05, 2010 at 05:53:50PM -0400, James Cloos wrote: |
| 4 |
> >> Have portage note in the ebuild log what was signed, by what key, and |
| 5 |
> >> whether the sigs were true. |
| 6 |
> > zmedico: can we include this in the repoman commit sig? |
| 7 |
> |
| 8 |
> Sure. Currently, repoman only signs the Manifest files in the ebuild |
| 9 |
> directories. For single package commits, that's just one file. However, |
| 10 |
> it's possible to do category-level or even full-repo level commits, |
| 11 |
> though they're relatively rare. For these cases we'd be listing all the |
| 12 |
> Manifest files that changed. |
| 13 |
Sorry, I should have clarified. I was in favour of including the signing |
| 14 |
key in the repoman commit message. The list of changed files is an |
| 15 |
intrinsic property of the commit, so we don't need to duplicate it in |
| 16 |
the commit message. |
| 17 |
|
| 18 |
'(Signed Manifest commit)' - alter that to include the signing key env var. |
| 19 |
|
| 20 |
-- |
| 21 |
Robin Hugh Johnson |
| 22 |
Gentoo Linux: Developer, Trustee & Infrastructure Lead |
| 23 |
E-Mail : robbat2@g.o |
| 24 |
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85 |
Archives