On Thu, Mar 24, 2011 at 8:21 PM, Brian Harring wrote: > On Thu, Mar 24, 2011 at 06:08:53PM -0400, Olivier Crête wrote: >> On Thu, 2011-03-24 at 17:59 -0400, Mike Frysinger wrote: >> > is there any reason we should allow people to commit unsigned >> > Manifest's anymore ? generating/posting/enabling a gpg key is >> > ridiculously easy and there's really no excuse for a dev to not have >> > done this already. >> >> I didn't know we still allowed that.. I guess the CVS server should just >> reject unsigned Manifests.. > > Reject, and email an alias of folk who will go fix the manifest. Keep > in mind since it's a two stage commit for cvs, the checksums are left > out of sync if we just flat out reject unsigned manifests and ignore > the fallout.
the fallout is said dev fixes their setup or they lose commit access i dont expect the rejection to go into effect $now, so people not signing have plenty of time to start doing so -mike
