1 |
On Thu, Mar 24, 2011 at 05:59:45PM -0400, Mike Frysinger wrote: |
2 |
> is there any reason we should allow people to commit unsigned |
3 |
> Manifest's anymore ? generating/posting/enabling a gpg key is |
4 |
> ridiculously easy and there's really no excuse for a dev to not have |
5 |
> done this already. |
6 |
> |
7 |
> when i look at the tree, the signed stats are stupid low: |
8 |
> $ find *-* -maxdepth 2 -name Manifest | wc -l |
9 |
> 14438 |
10 |
> $ find *-* -maxdepth 2 -name Manifest -exec grep -l 'BEGIN PGP |
11 |
> SIGNATURE' {} + | wc -l |
12 |
> 6032 |
13 |
> |
14 |
> this is especially important for the people doing arch keywording |
15 |
> since they make a ton of commits. i'm looking at you armin76. |
16 |
> -mike |
17 |
> |
18 |
Yes, I recall a similar thread in the past but I can't find it. Whilst I |
19 |
am always signing my commits I can't really see a good argument on why |
20 |
we should/should not do it. |
21 |
|
22 |
Regards, |
23 |
-- |
24 |
Markos Chandras / Gentoo Linux Developer / Key ID: B4AFF2C2 |