is there any reason we should allow people to commit unsigned
Manifests anymore?  generating/posting/enabling a gpg key is
ridiculously easy and there's really no excuse for a dev to not have
done this already.

when i look at the tree, the signed stats are stupid low:
$ find *-* -maxdepth 2 -name Manifest | wc -l
14438
$ find *-* -maxdepth 2 -name Manifest -exec grep -l 'BEGIN PGP SIGNATURE' {} + | wc -l
6032

this is especially important for the people doing arch keywording
since they make a ton of commits.  i'm looking at you armin76.
-mike
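
Added example, not part of the original post: the grep above counts any Manifest containing the signature marker, so this sketch goes one step further and separates Manifests with complete cleartext-signature framing from ones where the markers are missing or out of order. The function names classify_manifest and tree_stats are made up for illustration, and it assumes a signed Manifest starts with the signed-message header on line 1; it checks structure only and verifies no signature.

```shell
#!/bin/sh
# Added example: classify Manifests by OpenPGP cleartext-signature framing.
# Structure check only; no signature is cryptographically verified here.

# classify_manifest FILE -> prints signed | unsigned | malformed
classify_manifest() {
    awk '
        $0 == "-----BEGIN PGP SIGNED MESSAGE-----" {
            if (NR == 1 && !hdr) hdr = 1; else bad = 1; next }
        $0 == "-----BEGIN PGP SIGNATURE-----" {
            if (hdr && !sig) sig = 1; else bad = 1; next }
        $0 == "-----END PGP SIGNATURE-----" {
            if (sig && !fin) fin = 1; else bad = 1; next }
        fin && NF { bad = 1 }   # data appended after the signature block
        END {
            if (!hdr && !sig && !fin && !bad) print "unsigned"
            else if (hdr && sig && fin && !bad) print "signed"
            else print "malformed"
        }' "$1"
}

# tree_stats TREE -> prints "signed=N unsigned=N malformed=N" for the
# category/package/Manifest layout the find commands in the post walk.
tree_stats() {
    ( cd "$1" || exit 1
      find ./*-* -maxdepth 2 -name Manifest -type f | {
          s=0 u=0 m=0
          while IFS= read -r f; do
              case $(classify_manifest "$f") in
                  signed)   s=$((s + 1)) ;;
                  unsigned) u=$((u + 1)) ;;
                  *)        m=$((m + 1)) ;;
              esac
          done
          echo "signed=$s unsigned=$u malformed=$m"
      }
    )
}

# Stand-alone use: pass the tree root as the first argument.
if [ "$#" -gt 0 ]; then tree_stats "$1"; fi
```

A Manifest reported as signed here still has to pass gpg --verify against the committing developer's public key before the signature means anything.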
