+1 no more hurdles, signed, tagged releases are just fine by me...
On 2018/07/10 16:22:46, Rodric Rabbah <rod...@gmail.com> wrote: > Thanks for the quick feedback - makes sense to try and keep frictionless. > > It occurred to me while verifying the release - working with @vincent to > publish his key to avoid this: > gpg: WARNING: This key is not certified with a trusted signature! > gpg: There is no indication that the signature belongs to the > owner. > > Good enough for the release manager to go through that :) > > -r > > > > On Tue, Jul 10, 2018 at 12:14 PM, Michael Marth <mma...@adobe.com.invalid> > wrote: > > > +1 to the hurdle. Even in complicated projects people (like me) like to > > fix typos in READMEs > > > > > > On 10.07.18, 17:46, "Rob Allen" <r...@akrabat.com> wrote: > > > > > > Personally, I only sign tags on the OSS projects I lead. > > > > If you do it on a per-commit basis, it's yet another hurdle that a > > contributor has to go through. That may not be a consideration for > > OpenWhisk as it already is a complicated project for the inexperienced to > > contribute to. > > > > Regards, > > > > Rob > > > > > On 10 Jul 2018, at 16:41, Rodric Rabbah <rod...@gmail.com> wrote: > > > > > > Who knows why we haven't enabled signed commits on the apache repos - > > > should we require all commits to be signed? > > > > > > -r > > > > > > Ref: https://help.github.com/articles/signing-commits-using-gpg/ > > > > > > > > > > >
