| 1 |
On Tue, Oct 06, 2020 at 06:17:23PM +0000, Robin H. Johnson wrote: |
| 2 |
> I'm worried about the proliferation of tiny packages just to convey the |
| 3 |
> keys; and how versioning should work if upstream rotates their keys. |
| 4 |
|
| 5 |
That was my initial reaction as well. The app-crypt/openpgp-keys-* will |
| 6 |
potentially double the number of packages in the tree. We can probably |
| 7 |
come up with a better design. |
| 8 |
|
| 9 |
I agree with the need to make it easier for developers to check sigs |
| 10 |
before signing the manifest btw. Thanks for that |
| 11 |
|
| 12 |
-- |
| 13 |
Eray |
Archives