On Thu, Mar 24, 2011 at 05:59:45PM -0400, Mike Frysinger wrote:
> is there any reason we should allow people to commit unsigned
> Manifest's anymore ? generating/posting/enabling a gpg key is
> ridiculously easy and there's really no excuse for a dev to not have
> done this already.
>
> when i look at the tree, the signed stats are stupid low:
> $ find *-* -maxdepth 2 -name Manifest | wc -l
> 14438
> $ find *-* -maxdepth 2 -name Manifest -exec grep -l 'BEGIN PGP
> SIGNATURE' {} + | wc -l
> 6032
>
> this is especially important for the people doing arch keywording
> since they make a ton of commits. i'm looking at you armin76.
> -mike
>
Yes, I recall a similar thread in the past but I can't find it. Whilst I
am always signing my commits I can't really see a good argument on why
we should/should not do it.Regards, -- Markos Chandras / Gentoo Linux Developer / Key ID: B4AFF2C2
pgp95FTnuPs1A.pgp
Description: PGP signature
