Mark Phippard wrote on Tue, May 14, 2013 at 17:03:48 -0400:
> I am still getting those test failures in the svnrdump and svnsync
> tests.  Given that the tests work for others, I would guess this is
> something odd about my machine setup.  I manually did an svnsync to
> confirm the binary worked.
> 
> In the svn:// and http:// tests I have a couple of additional failures
> I have not looked at yet that might be due to running the tests in
> parallel.
> 
> Should I just sign the release and then leave it up to Ben if he wants
> to count my signature towards the Windows total, or just not sign it
> at all?

Signing the tarballs achieves two purposes:

1. It communicates to the community (including users) that you are +1 on
   that tarball being GA quality.

2. It allows people who download a tarball to establish a chain of trust
   back to a Subversion committer.

The former is sensitive to those "additional failures" you mention.  The
latter isn't.  That said, if you have signed the PGP keys of developers
who will sign the release, the marginal advantage to 'gpg --verify'iers
of your signature is minimal --- i.e., the latter goal isn't helped much.

Does that make sense?

Daniel
