| 1 |
W dniu pią, 06.07.2018 o godzinie 10∶11 +0200, użytkownik Manuel Rüger |
| 2 |
napisał: |
| 3 |
> I disagree with adding this as a requirement. |
| 4 |
> |
| 5 |
> Services should explicitly fail to work with expired GPG keys, key |
| 6 |
> renewal times should be at the key owner's descretion. |
| 7 |
> This should still be a recommendation that guarantees the key owner to |
| 8 |
> continue work without interruption. |
| 9 |
> |
| 10 |
|
| 11 |
They do. That is why we need the updates to happen early enough so that |
| 12 |
the services can sync. It's not nice when Gentoo repository |
| 13 |
distribution is stalled because a developer changed his key and not all |
| 14 |
services have synced yet. |
| 15 |
|
| 16 |
I've only recently hit the case when my important fix wasn't distributed |
| 17 |
to users immediately (= more users hit severe breakage) because |
| 18 |
a developer started using new key before all servers could sync it. |
| 19 |
|
| 20 |
-- |
| 21 |
Best regards, |
| 22 |
Michał Górny |
Archives