1 |
On Tue, Oct 05, 2010 at 05:49:31PM -0700, Zac Medico wrote: |
2 |
> On 10/05/2010 05:26 PM, Robin H. Johnson wrote: |
3 |
> > On Tue, Oct 05, 2010 at 05:53:50PM -0400, James Cloos wrote: |
4 |
> >> Have portage note in the ebuild log what was signed, by what key, and |
5 |
> >> whether the sigs were true. |
6 |
> > zmedico: can we include this in the repoman commit sig? |
7 |
> |
8 |
> Sure. Currently, repoman only signs the Manifest files in the ebuild |
9 |
> directories. For single package commits, that's just one file. However, |
10 |
> it's possible to do category-level or even full-repo level commits, |
11 |
> though they're relatively rare. For these cases we'd be listing all the |
12 |
> Manifest files that changed. |
13 |
Sorry, I should have clarified. I was in favour of including the signing |
14 |
key in the repoman commit message. The list of changed files is an |
15 |
intrinsic property of the commit, so we don't need to duplicate it in |
16 |
the commit message. |
17 |
|
18 |
'(Signed Manifest commit)' - alter that to include the signing key env var. |
19 |
|
20 |
-- |
21 |
Robin Hugh Johnson |
22 |
Gentoo Linux: Developer, Trustee & Infrastructure Lead |
23 |
E-Mail : robbat2@g.o |
24 |
GnuPG FP : 11AC BA4F 4778 E3F6 E4ED F38E B27B 944E 3488 4E85 |