On Fri, Mar 25, 2011 at 6:11 AM, Peter Volkov wrote: > В Чтв, 24/03/2011 в 17:59 -0400, Mike Frysinger пишет: >> is there any reason we should allow people to commit unsigned >> Manifest's anymore ? > > Why? Without policy on how we do that and more importantly how we check > that signing makes no sense...
so you want to wait until we have a 100% fully automated checking system in place before even attempting the first 1% ? that doesnt make much sense ... you have to start somewhere. there's also nothing stopping people from verifying packages right now by picking some keys to trust. i can certainly verify a lot of packages by following the web of trust that starts at my key. -mike
