Am 30.01.2014 15:33, schrieb Peter Maydell: > On 16 January 2014 17:35, Michael Tokarev <m...@tls.msk.ru> wrote: >> There's nothing exciting in there, but we have some small bugfixes here and >> there, and a few cosmetic changes too. >> >> This is my first signed pull request too, based on my regular GnuPG key which >> I use to sign Debian packages. >> >> Please pull. > Thanks, applied. You'll see that gpg is a bit alarmist in > the merge commit message because we don't have a strong enough > web of trust between us yet (see also commit 4cddc7f44 for > earlier instances of that in our history). > > thanks > -- PMM
Never mind. Up to now, only Andreas' and Michael's signatures were checked by gpg, and neither of these two were trusted. :-) If you look for the output of "git log | grep gpg:", you'll see that in the remaining 68 cases, gpg did not find the public keys (which normally are available from public key servers). My own signature should also be available from public key servers, and it is also signed by CAcert. We can exchange more information via private e-mail if needed for the web of trust. Regards Stefan
