On Fri, Aug 26, 2016 at 11:48:58AM -0400, Shaun McCance wrote:
> On Fri, 2016-08-26 at 10:17 -0500, Michael Catanzaro wrote:
> > On Fri, 2016-08-26 at 10:29 -0400, Shaun McCance wrote:
> > >
> > > Don't all maintainers already use signed tags for releases?
> > No. I used to do this, but stopped a
On Fri, 2016-08-26 at 11:21 -0500, Michael Catanzaro wrote:
> On Fri, 2016-08-26 at 11:48 -0400, Shaun McCance wrote:
> >
> > IIRC, git.gnome.org won't let you push an unsigned tag.
> I've been doing it for a while, so it most certainly does! I don't
> see
> value in signing our tags as (a) clearl
On Fri, 2016-08-26 at 11:48 -0400, Shaun McCance wrote:
> On Fri, 2016-08-26 at 10:17 -0500, Michael Catanzaro wrote:
> > On Fri, 2016-08-26 at 10:29 -0400, Shaun McCance wrote:
> > >
> > > Don't all maintainers already use signed tags for releases?
> > No. I used to do this, but stopped a couple
On Fri, 2016-08-26 at 11:48 -0400, Shaun McCance wrote:
> IIRC, git.gnome.org won't let you push an unsigned tag.
I've been doing it for a while, so it most certainly does! I don't see
value in signing our tags as (a) clearly nobody is checking the
signatures, and (b) we don't currently have any c
On Fri, 2016-08-26 at 10:17 -0500, Michael Catanzaro wrote:
> On Fri, 2016-08-26 at 10:29 -0400, Shaun McCance wrote:
> >
> > Don't all maintainers already use signed tags for releases?
> No. I used to do this, but stopped a couple years ago because it was
> pointless. Nobody should trust my key,
On Fri, 2016-08-26 at 10:29 -0400, Shaun McCance wrote:
> Don't all maintainers already use signed tags for releases?
No. I used to do this, but stopped a couple years ago because it was
pointless. Nobody should trust my key, so why use it?
Michael
___
On Fri, 2016-08-26 at 12:05 +0200, Alexander Larsson wrote:
> On fre, 2016-08-26 at 05:02 -0500, Michael Catanzaro wrote:
> >
> > Clone via https:// rather than using git://
> Does git verify signatures for this? That avoids the MITM attack i
> guess.
>
> Still, I would like us to eventually have
On fre, 2016-08-26 at 13:39 +0200, Bastien Nocera wrote:
> On Fri, 2016-08-26 at 09:43 +0200, Alexander Larsson wrote:
> >
> > Anyway, the best we can do now is i think having a git repo, say
> > gnome-
> > apps-nightly, that has two files in it, listing for each row:
> > * A git repo
> > * A bran
On Fri, 2016-08-26 at 09:43 +0200, Alexander Larsson wrote:
> On tor, 2016-08-25 at 17:29 +0100, Richard Hughes wrote:
> > On 25 August 2016 at 16:29, Alexander Larsson
> > wrote:
> > >
> > > However, it would
> > > make more sense for each individual application developers to
> > > maintain
> >
On fre, 2016-08-26 at 05:02 -0500, Michael Catanzaro wrote:
> Clone via https:// rather than using git://
Does git verify signatures for this? That avoids the MITM attack i
guess.
Still, I would like us to eventually have a setup where every stable
release of every gnome module has a GPG signed c
On Fri, 2016-08-26 at 09:43 +0200, Alexander Larsson wrote:
> i.e nobody [...] MITMed our connection to git.gnome.org
Clone via https:// rather than using git://
___
desktop-devel-list mailing list
desktop-devel-list@gnome.org
https://mail.gnome.org/mail
On tor, 2016-08-25 at 17:29 +0100, Richard Hughes wrote:
> On 25 August 2016 at 16:29, Alexander Larsson
> wrote:
> >
> > However, it would
> > make more sense for each individual application developers to
> > maintain
> > the manifest in the applications git repo.
> I think this is a very good i
On tor, 2016-08-25 at 17:12 +0100, Alberto Ruiz wrote:
>
>
> 2016-08-25 16:29 GMT+01:00 Alexander Larsson :
> > After some work I now have the gnome runtimes and applications
> > building again, now on the new gnome build infrastructure.
> >
> > We no have these nuild machines:
> >
> > sdkbuild
13 matches
Mail list logo