once we move to git, the workflow for proxy maintainers is going to be a lot smoother. the question is how to handle signing with proxy maintainers.
it would be nice if said proxied maintainers would sign things and that would be preserved all the way to the push to the common server. pros: - Gentoo dev doing the proxy can pull, look at the commits, and then push cons: - proxied maintainers need to set up pgp too - we need to have another list of keys to accept outside of the existing Gentoo dev list - easy to miss if commit was made through repoman, or on an older tree the other method would be that a Gentoo dev pulls the changesets and then runs `repoman commit` himself. pros: - proxied maintainers need not think of pgp at all - we only need the original Gentoo dev key list - the Gentoo dev knows immediately if there's a repoman problem cons: - workflow not as smooth i thinking about this last bit, i wonder if that could simply be addressed in repoman itself ? we could add a "repoman push" command that compared the remote branch to the local one to find out all the packages that have been updated, go into each one and rebuild just the Manifest, and then do the `git push`. -mike
