On Sun, 27 Mar 2011 17:04:56 -0500 Jeremy Olexa <darks...@gentoo.org> wrote:
> > this is especially important for the people doing arch keywording > > since they make a ton of commits. i'm looking at you armin76. > > One thing I don't get amidst this whole conversation is why I should > sign a Manifest file when committing KEYWORDS or something equally as > trivial like deleting ebuilds. By signing the Manifest, I interpret > that as "yes, I committed this Manifest file and yes I trust every > hash in this Manifest file" when in reality, I have no clue if the > Manifest file is correct because I didn't inspect anything. > > Am I missing something? You sign, that you did this. More or less. The guy before you did the same. If there is an error all previous revisions of the tree are available and you can check, whose mistake it was. Nothing really changes, but I can check whether a gentoo dev committed the change and who it was (and that it was not anybody who hacked some rsync mirror). Philipp --
