On Thu, Jan 12, 2017 at 08:17:14AM +0100, Michal Simek wrote: > On 12.1.2017 08:13, Masahiro Yamada wrote: > > 2017-01-12 15:42 GMT+09:00 Michal Simek <michal.si...@xilinx.com>: > >> On 11.1.2017 17:28, Tom Rini wrote: > >>> On Wed, Jan 11, 2017 at 09:59:29AM +0100, Michal Simek wrote: > >>> > >>>> Hi Tom, > >>>> > >>>> here are changes I have collected. Travis is not reporting any issue. > >>>> I have also started to use signed tags to be clear what to take. > >>> > >>> Ah, signed tags. How much more work is that on your end? > >> > >> Almost nothing just git tag -s and write some stuff. arm-soc starts to > >> use that long time ago that's why when you setup it once there is not an > >> issue. Maybe good time to consider to move to the same model. > >> > > > > Interesting. > > > > Maybe, will we have a key signing party in the next U-Boot mini summit? > > The GPG certificate can be checked only when we have the chain of trust. > > Tom probably has my key already from past. Definitely u-boot mini summit > is a good opportunity for this. > > > > > More more difference for pulling a tag commit is that > > git always creates a merge commit > > even if the pull-request is sitting on the top of the upstream tree. > > It is up to Tom what flow he wants to use and how that merge commits > will look like.
So, I've thought about this a bit more. To me, at least initially, the web of trust isn't as important as the information (and so history) that's in the signed tags about what's coming in. I want us to have better release notes about what has changed and I think tags will help. I'm not going to make it mandatory right now, I'd like people to try it out and see what they think. A look over https://www.kernel.org/pub/software/scm/git/docs/howto/using-signed-tag-in-pull-request.html may help people that haven't done it before. -- Tom
signature.asc
Description: Digital signature
_______________________________________________ U-Boot mailing list U-Boot@lists.denx.de http://lists.denx.de/mailman/listinfo/u-boot
