On Wed, Sep 04, 2013 at 07:38:33AM +0200, Jaromír Mikeš wrote: > > > Don't sign tags. > > > > > > diff --git a/debian/gbp.conf b/debian/gbp.conf > > > index 2c53314..8dd9bb3 100644 > > > --- a/debian/gbp.conf > > > +++ b/debian/gbp.conf > > > @@ -1,8 +1,5 @@ > > > -# Configuration file for git-buildpackage and friends > > > - > > > [DEFAULT] > > > pristine-tar = True > > > -sign-tags = True > > > > Why? I thought signing the import and release tags helps us establishing > > a trust chain from the source to the final package.
> It has been discussed here > http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/2013-June/032853.html Thanks. So ~/.gbp.conf it is then. Makes sense. Cheers -- mail: a...@thur.de http://adi.thur.de PGP/GPG: key via keyserver _______________________________________________ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-multimedia-maintainers
