On Thu, Mar 24, 2011 at 06:08:53PM -0400, Olivier Crête wrote: > On Thu, 2011-03-24 at 17:59 -0400, Mike Frysinger wrote: > > is there any reason we should allow people to commit unsigned > > Manifest's anymore ? generating/posting/enabling a gpg key is > > ridiculously easy and there's really no excuse for a dev to not have > > done this already. > > I didn't know we still allowed that.. I guess the CVS server should just > reject unsigned Manifests..
Reject, and email an alias of folk who will go fix the manifest. Keep in mind since it's a two stage commit for cvs, the checksums are left out of sync if we just flat out reject unsigned manifests and ignore the fallout. ~brian
pgppq4AHvuvro.pgp
Description: PGP signature
