Re: [gentoo-portage-dev] Enforced OpenPGP signatures
On Tue, Jun 14, 2016 at 10:41:38AM +0200, Alexander Berntsen wrote: > Friends, > > I saw Brian asking Michał to OpenPGP-sign his commits in IRC, to which > Michał quipped that we would have if it were enforced. So perhaps we > should just enforce it. Most of us do it -- but I see Zac not doing it > sometimes, seemingly at random. In any event, I don't think there's a > good reason *not* to sign things. > > What do you think? And what's the procedure/who do we talk to, to get > a pre-push hook set up to enforce it? A pre-push hook would only do it locally for you, it wouldn't enforce it on the server side. Please file a bug to have infra turn it on for the repos you want (specify them in the bug). Here's the actual hook that's used: https://github.com/gentoo/git-gx86-tools/blob/master/hooks/dev-git/update-02-gpg Note that it only verifies on the master branch, and for merges, only the merge-commit onto master is verified. -- Robin Hugh Johnson Gentoo Linux: Dev, Infra Lead, Foundation Trustee & Treasurer E-Mail : robb...@gentoo.org GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136
[gentoo-portage-dev] Enforced OpenPGP signatures
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Friends, I saw Brian asking Michał to OpenPGP-sign his commits in IRC, to which Michał quipped that we would have if it were enforced. So perhaps we should just enforce it. Most of us do it -- but I see Zac not doing it sometimes, seemingly at random. In any event, I don't think there's a good reason *not* to sign things. What do you think? And what's the procedure/who do we talk to, to get a pre-push hook set up to enforce it? - -- Alexander berna...@gentoo.org https://secure.plaimi.net/~alexander -BEGIN PGP SIGNATURE- Version: GnuPG v2 iQIcBAEBCgAGBQJXX8NBAAoJENQqWdRUGk8BVesP/2wZluWZJtRZQrOqo13T+6bg dCd78xP9wmoqF9BNKBKrT1YjuI87qzJ2npWWmhAo4JqkVWz1pSJ1y0JdkzIESQX1 zyH/sKxBDFWi5Sk51XZK+TK+OD3gvxNjV+Czi6obW7RtQZ+WoZ3JnZ4EJzyeua03 96we+wUp+Gj2auyl1qZRLr8lTWNiQD0g7YG5xsrcnzGr3nsI966ILXYq6KE7UU8+ JyPRe3JWrZlsRYo5PHj0B9CA6a0OT3qO8z1P6n0Jjq9MdLiCKOGGIYOc+6j5FOoi 27LF6CXrQyQlOvgPm6+huHoGEpRIudOUS14l2MHJiwsmXH8uC1XfYDQl+rY7RTA7 GnAVqxE8gT2SpHjXCZfYPkS2ZfkYd9XA+663IpAUOb/ea1B0m6v00Lpen7v62Cxq bySKn46Dugsalh1cWnMCmoVx1yRWtFQwDrzaAa44HuKMRU1J74j/GgwEi0fJxRIR B+2MJr5Gg9WduWgCbEJ+xNB7dh5atjWuDsUsXM1Vh1zFsYPXqyEV8otvDsIAVH2o ZvEXLACB9SK4HYrrvO7Y0RtjY0sQhHs3po3IiVVT5ISC84Gxk5+QWWRGUyakeTN3 nNrYoppITTqBrJ945bs4UWAMf3KAjOxxwQHCK2QRQwIJHTCOMmleVn7zRUKxPk8Z jnW9EKxM9ePcWGjqV7cD =2wKp -END PGP SIGNATURE-