On Mon, Jun 4, 2012 at 10:41 PM, Brian Harring <[email protected]> wrote: > The dev, prior to signing that, should be verifying what they're > adding (moreso, what exists between last signed rev and theirs), they > agree to and know of. Specifically, they're asserting their addition.
What Rich is arguing (and which I think makes some sense) is that people will probably not be inclined to verify the signature of the tree they just pulled from gentoo-x86. We can't really force them too, since it happens on their own machine. Still, I think we should drop this discussion for now. Cheers, Dirkjan
