On Fri, 2016-08-26 at 11:48 -0400, Shaun McCance wrote: > On Fri, 2016-08-26 at 10:17 -0500, Michael Catanzaro wrote: > > On Fri, 2016-08-26 at 10:29 -0400, Shaun McCance wrote: > > > > > > Don't all maintainers already use signed tags for releases? > > No. I used to do this, but stopped a couple years ago because it > > was > > pointless. Nobody should trust my key, so why use it? > > IIRC, git.gnome.org won't let you push an unsigned tag.
Not sure whether we're talking about the same thing, but I never signed any tags, or releases for GNOME. > I've been > tagging releases since the days of CVS, because tags are useful. I > thought everybody did. > > That still leaves the question: If the release team tags with a key > we > can all trust, how does the release team trust that the commit they > tagged is the one the maintainer intended? _______________________________________________ gnome-os-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/gnome-os-list
