-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 On Tue, 14 Jun 2016 10:41:38 +0200 Alexander Berntsen <berna...@gentoo.org> wrote:
> Friends, > > I saw Brian asking Michał to OpenPGP-sign his commits in IRC, to which > Michał quipped that we would have if it were enforced. So perhaps we > should just enforce it. Most of us do it -- but I see Zac not doing it > sometimes, seemingly at random. In any event, I don't think there's a > good reason *not* to sign things. > > What do you think? And what's the procedure/who do we talk to, to get > a pre-push hook set up to enforce it? > - -- > Alexander > berna...@gentoo.org > https://secure.plaimi.net/~alexander I think it is a good idea to enforce signed commits. We could even enforce signed pushes like we do the tree. I think it is important that the primary package manager for Gentoo have the same rules for committing as the tree does. signed commits, signed pushes - -- Brian Dolbec <dolsen> -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.1 iQJ8BAEBCgBmBQJXYWniXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRBNUQ3Qzc0RTA4MUNDNzBEQjRBNEFBRjVG QkJEMDg3Mjc1ODIwRUQ4AAoJEPu9CHJ1gg7YAX0P/30gmLrU3AT9Q9EfnCp8eVTT a5T7FbtUF72YZTkklXQMRQMI3Ye+JEYlXSvYyzuXem80xk5nbVWWjemmAdqfkS31 F0i7hLegTVNSCQV1OAtX8h4JqK+niXZBCktdr0hdOYaNWDsKHQVRfVvN/5c2Py8U mAvKbglBfKNAbC8vnv7cu1UkIgjiBNV8b8ka1OEK1/fgW7tw8Fb+0BE2t2Lw6P3z 0cAeo/jxhi0+tywh/U+vqyeeVN6ryV1ILURk0DoRnzulN7nkdgZ99Gf8LzVd4vmP BQEo8UoTHSYd6QpR+8hdZjpHOFA2x0vEgJXUjpYqOXogcXsKV5JA7XfQb3hXKjZ3 MIdvrzuZn+HccJbSMYVdITDlSdlda+ogASYxqse4u9NCJKSOCLADb8RI36M/pnoR IgWF5a4Lox9vQaLjPz7cdyE5QdWxVDG+c3FiutCNnu8GZWoPoIiHbIgaRxP+RCIL 1lNugcIzdOgcvsyTdqb7d+YEiZ1X2RPzNynDfdscQv3IfjsnrfppPRu4I4q13GYw x8Wd3CyzPcn1RNgeJ2+V18co8N3zOcFFpZ7B7eNEcWA+NJdQNb28Xehp1p2kM8yt pV013QZK7/FzBe6YvUkGWyG+g9oMYkQV48FrMn96m9W3OdpSixDr3yN16N78cZ3U 0ttul2AwqwlIrtApR920 =+jZT -----END PGP SIGNATURE-----
