1 |
On Tue, Oct 06, 2020 at 06:17:23PM +0000, Robin H. Johnson wrote: |
2 |
> I'm worried about the proliferation of tiny packages just to convey the |
3 |
> keys; and how versioning should work if upstream rotates their keys. |
4 |
|
5 |
That was my initial reaction as well. The app-crypt/openpgp-keys-* will |
6 |
potentially double the number of packages in the tree. We can probably |
7 |
come up with a better design. |
8 |
|
9 |
I agree with the need to make it easier for developers to check sigs |
10 |
before signing the manifest btw. Thanks for that |
11 |
|
12 |
-- |
13 |
Eray |