On lör, 2016-08-27 at 17:53 +0000, Debarshi Ray wrote:
> Hey,
>
> On Fri, Aug 26, 2016 at 10:17:04AM -0500, Michael Catanzaro wrote:
> >
> > No. I used to do this, but stopped a couple years ago because it
> > was
> > pointless. Nobody should trust my key, so why use it?
> Why shouldn't anybody trust my key if it has been signed by other
> members of the community?
>
> By the way, I have always signed my tags (using git tag -s), and I
> don't think I am the only one. :) eg., gnome-keyring tags are often
> signed. The only exceptions have been when I had to urgently make a
> release from a machine that didn't have my GPG key, but those
> occasions have been exceedingly rare.
Clearly this doesn't hurt. However, its also not something that
currently happens regularly enough that we can use it in automatic
tooling. This is the problem I have with the current setup.
--
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Alexander Larsson Red Hat, Inc
[email protected] [email protected]
He's an old-fashioned overambitious boxer on a mission from God. She's an
elegant psychic single mother from Mars. They fight crime!
_______________________________________________
gnome-os-list mailing list
[email protected]
https://mail.gnome.org/mailman/listinfo/gnome-os-list
