| 1 |
On Thu, Mar 24, 2011 at 05:59:45PM -0400, Mike Frysinger wrote: |
| 2 |
> is there any reason we should allow people to commit unsigned |
| 3 |
> Manifest's anymore ? generating/posting/enabling a gpg key is |
| 4 |
> ridiculously easy and there's really no excuse for a dev to not have |
| 5 |
> done this already. |
| 6 |
> |
| 7 |
> when i look at the tree, the signed stats are stupid low: |
| 8 |
> $ find *-* -maxdepth 2 -name Manifest | wc -l |
| 9 |
> 14438 |
| 10 |
> $ find *-* -maxdepth 2 -name Manifest -exec grep -l 'BEGIN PGP |
| 11 |
> SIGNATURE' {} + | wc -l |
| 12 |
> 6032 |
| 13 |
> |
| 14 |
> this is especially important for the people doing arch keywording |
| 15 |
> since they make a ton of commits. i'm looking at you armin76. |
| 16 |
> -mike |
| 17 |
> |
| 18 |
Yes, I recall a similar thread in the past but I can't find it. Whilst I |
| 19 |
am always signing my commits I can't really see a good argument on why |
| 20 |
we should/should not do it. |
| 21 |
|
| 22 |
Regards, |
| 23 |
-- |
| 24 |
Markos Chandras / Gentoo Linux Developer / Key ID: B4AFF2C2 |
Archives