1 |
W dniu pią, 06.07.2018 o godzinie 10∶11 +0200, użytkownik Manuel Rüger |
2 |
napisał: |
3 |
> I disagree with adding this as a requirement. |
4 |
> |
5 |
> Services should explicitly fail to work with expired GPG keys, key |
6 |
> renewal times should be at the key owner's descretion. |
7 |
> This should still be a recommendation that guarantees the key owner to |
8 |
> continue work without interruption. |
9 |
> |
10 |
|
11 |
They do. That is why we need the updates to happen early enough so that |
12 |
the services can sync. It's not nice when Gentoo repository |
13 |
distribution is stalled because a developer changed his key and not all |
14 |
services have synced yet. |
15 |
|
16 |
I've only recently hit the case when my important fix wasn't distributed |
17 |
to users immediately (= more users hit severe breakage) because |
18 |
a developer started using new key before all servers could sync it. |
19 |
|
20 |
-- |
21 |
Best regards, |
22 |
Michał Górny |