On 09/20/2013 02:33 AM, Thomas Goirand wrote: > > Hi, > > Has anyone thought about having a PGP key signing party during the > summit? Guys from the Linux kernel thought it was useless, but after the > hack of kernel.org, they started to understand it was useful, and now > they do have a "web of trust". As a package maintainer, I would very > much like to have a signing event during the next HK summit, and collect > signatures so that I can check the pgp signed tags, which to my very > satisfaction, starts to appear for every package release (not sure if > this comes from the fact I've been annoying everyone about it in this > list, though that's a very good thing).
As a note, actually, it is impossible now to make an OpenStack release without a signed tag - the process of releasing itself is triggered only by signed tags. So yes - I fully support developing a keyring. _______________________________________________ OpenStack-dev mailing list [email protected] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
