1 |
On 2018-06-14 21:55, kuzetsa wrote: |
2 |
> for non-developers who already contribute using a |
3 |
> git-based workflow, all github does (for example: for me |
4 |
> in-particular) is provide a convenient way to validate |
5 |
> that the commit was made by me and not someone else. |
6 |
> |
7 |
> so long as repoman's default requirement that commits |
8 |
> should be signed, the github infrastructure knows which |
9 |
> PGP key is mine, and marks my commits as verified. for my |
10 |
> comfort, the increased effort to use a different workflow |
11 |
> (switching infra for git pushes) would be trivial, but |
12 |
> the burden is still a burden. a needless burden. |
13 |
|
14 |
GitHub's feature to display "verified" status has zero meaning for the |
15 |
Gentoo project. We only trust our own key store. |
16 |
|
17 |
But this all doesn't matter: |
18 |
GitLab for example offers a similar feature. I.e. you can add your |
19 |
public key to your GitLab.com account like you did with your GitHub.com |
20 |
account and GitLab will display the same "verified" indicator. |
21 |
|
22 |
|
23 |
-- |
24 |
Regards, |
25 |
Thomas Deutschmann / Gentoo Linux Developer |
26 |
C4DD 695F A713 8F24 2AA1 5638 5849 7EE5 1D5D 74A5 |