| 1 |
>>>>> "RHJ" == Robin H Johnson <robbat2@g.o> writes: |
| 2 |
|
| 3 |
>> Include the signing keyid in the filename to support both allowing |
| 4 |
>> multiple devs to sign a file and an easy indication of who signed it. |
| 5 |
|
| 6 |
RHJ> You can extract keyid from any signature trivially. |
| 7 |
|
| 8 |
But if it is not in the filename you cannot have multiple sig files. |
| 9 |
|
| 10 |
>> Don't stop everything just because /one/ package has a problem. |
| 11 |
|
| 12 |
RHJ> This is already controllable. |
| 13 |
|
| 14 |
If you mean --keep-going, that may work sometimes, but never did when I |
| 15 |
really needed it. |
| 16 |
|
| 17 |
>> And think about a way to sign Changelog entries. |
| 18 |
|
| 19 |
RHJ> We wanted commit-signing with the git migration... |
| 20 |
|
| 21 |
Good choice. |
| 22 |
|
| 23 |
-JimC |
| 24 |
-- |
| 25 |
James Cloos <cloos@×××××××.com> OpenPGP: 1024D/ED7DAEA6 |
Archives