Gentoo Archives: gentoo-portage-dev

From: Brian Dolbec <dolsen@g.o>
To: gentoo-portage-dev@l.g.o
Subject: Re: [gentoo-portage-dev] Enforced OpenPGP signatures
Date: Wed, 15 Jun 2016 14:45:49
Message-Id: 20160615074450.0cb0a75a.dolsen@gentoo.org
In Reply to: [gentoo-portage-dev] Enforced OpenPGP signatures by Alexander Berntsen
1 -----BEGIN PGP SIGNED MESSAGE-----
2 Hash: SHA512
3
4 On Tue, 14 Jun 2016 10:41:38 +0200
5 Alexander Berntsen <bernalex@g.o> wrote:
6
7 > Friends,
8 >
9 > I saw Brian asking Michał to OpenPGP-sign his commits in IRC, to which
10 > Michał quipped that we would have if it were enforced. So perhaps we
11 > should just enforce it. Most of us do it -- but I see Zac not doing it
12 > sometimes, seemingly at random. In any event, I don't think there's a
13 > good reason *not* to sign things.
14 >
15 > What do you think? And what's the procedure/who do we talk to, to get
16 > a pre-push hook set up to enforce it?
17 > - --
18 > Alexander
19 > bernalex@g.o
20 > https://secure.plaimi.net/~alexander
21
22 I think it is a good idea to enforce signed commits.
23
24 We could even enforce signed pushes like we do the tree.
25
26 I think it is important that the primary package manager for Gentoo
27 have the same rules for committing as the tree does.
28
29 signed commits, signed pushes
30
31 - --
32 Brian Dolbec <dolsen>
33
34 -----BEGIN PGP SIGNATURE-----
35 Version: GnuPG v2.1
36
37 iQJ8BAEBCgBmBQJXYWniXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
38 ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBNUQ3Qzc0RTA4MUNDNzBEQjRBNEFBRjVG
39 QkJEMDg3Mjc1ODIwRUQ4AAoJEPu9CHJ1gg7YAX0P/30gmLrU3AT9Q9EfnCp8eVTT
40 a5T7FbtUF72YZTkklXQMRQMI3Ye+JEYlXSvYyzuXem80xk5nbVWWjemmAdqfkS31
41 F0i7hLegTVNSCQV1OAtX8h4JqK+niXZBCktdr0hdOYaNWDsKHQVRfVvN/5c2Py8U
42 mAvKbglBfKNAbC8vnv7cu1UkIgjiBNV8b8ka1OEK1/fgW7tw8Fb+0BE2t2Lw6P3z
43 0cAeo/jxhi0+tywh/U+vqyeeVN6ryV1ILURk0DoRnzulN7nkdgZ99Gf8LzVd4vmP
44 BQEo8UoTHSYd6QpR+8hdZjpHOFA2x0vEgJXUjpYqOXogcXsKV5JA7XfQb3hXKjZ3
45 MIdvrzuZn+HccJbSMYVdITDlSdlda+ogASYxqse4u9NCJKSOCLADb8RI36M/pnoR
46 IgWF5a4Lox9vQaLjPz7cdyE5QdWxVDG+c3FiutCNnu8GZWoPoIiHbIgaRxP+RCIL
47 1lNugcIzdOgcvsyTdqb7d+YEiZ1X2RPzNynDfdscQv3IfjsnrfppPRu4I4q13GYw
48 x8Wd3CyzPcn1RNgeJ2+V18co8N3zOcFFpZ7B7eNEcWA+NJdQNb28Xehp1p2kM8yt
49 pV013QZK7/FzBe6YvUkGWyG+g9oMYkQV48FrMn96m9W3OdpSixDr3yN16N78cZ3U
50 0ttul2AwqwlIrtApR920
51 =+jZT
52 -----END PGP SIGNATURE-----