On 8/8/2022 11:50 AM, Michael Niedermayer wrote:
Given the recent server issues, i wonder if we should suggest/recommand
and document signing commits and tags
fwiw, the git repo isn't hosted in the server that had issues.
i tried to push such commit to github and it nicely says "verified"
https://github.com/michaelni/FFmpeg/commit/75f196acd16fb0c0ca7a94f0c66072e7c6f736bf
Ive generated a new gpg key for this experiment as i dont have my
main key on the box used for git development and also using more
modern eliptic curve stuff (smaller keys & sigs)
i will upload this key to the keyservers in case it becomes the
one i use for git.
I agree 100% we should sign release tags, and not only the tarballs.
Telling people to sign random commits isn't as useful, but if people
want to do it then that's fine too.
-----BEGIN PGP PUBLIC KEY BLOCK-----
mDMEYvA3sxYJKwYBBAHaRw8BAQdAhF26S5QlUZssryHGHLYw61FsF+0s54qWEDm1
Rurfi5O0ME1pY2hhZWwgTmllZGVybWF5ZXIgPG1pY2hhZWwtZ2l0QG5pZWRlcm1h
eWVyLmNjPoiWBBMWCAA+FiEE3R7J6N4IXGKbPhhGsY6JKLOUjWQFAmLwN7MCGwMF
CQPCZwAFCwkIBwIGFQoJCAsCBBYCAwECHgECF4AACgkQsY6JKLOUjWTKMwD8DW39
MrtvYdjP/CvxWTma+MErgkFfrx67y+zO0r6vYmYA/063Y7s6+ef0Whydf5xlJLYF
nX3ZwXnZubVsjJz0WV0EuDgEYvA3sxIKKwYBBAGXVQEFAQEHQD381bpdRfPa3DjW
WFQx1IeRgeSavPep1v4C2noShjcTAwEIB4h4BBgWCAAgFiEE3R7J6N4IXGKbPhhG
sY6JKLOUjWQFAmLwN7MCGwwACgkQsY6JKLOUjWRryQEA+nEGWw5ygbiYpSe34erz
opoxh+iIUdzl+OnyU2fpNVsA/A91nhyyR8eMlAptr16FVoEnZBHtcK2cTcGxqkdL
JMkG
=D6v5
-----END PGP PUBLIC KEY BLOCK-----
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel
To unsubscribe, visit link above, or email
ffmpeg-devel-requ...@ffmpeg.org with subject "unsubscribe".
