On Friday, 5 April 2024 13:45:35 CEST Carl Schwan wrote:
> I disagree. I want my tarball to be signed with my GPG key stored in my
> YubiKey and not by a generic KDE key. It should be a proof that I as a
> maintainer of a project did the release and not someone else. Same with the
> upload to downlo
Hi,
On 06.04.24 13:07, Marc Deop i Argemí wrote:
> If you automate things, everything can be reviewed/validated by more than one
> entity and thus increasing security.
>
> The CI can be reviewed and audited but your personal laptop and your workflow
> cannot.
This is basically a discussion about whethe
On Saturday, 6 April 2024, 18:22:22 CEST Sven Brauch wrote:
> Hi,
>
> On 06.04.24 13:07, Marc Deop i Argemí wrote:
>
> > If you automate things, everything can be reviewed/validated by more than
> > one
> > entity and thus increasing security.
> >
> > The CI can be reviewed and audited but you