On Saturday, 6 April 2024 18:22:22 CEST Sven Brauch wrote:
> This is basically a discussion about whether it is less risky to trust
> the individual developers, or the people with access to the CI signing
> key. You are trading likeliness of there being one bad actor vs. impact
> one bad actor can
On Friday, 5 April 2024 13:45:35 CEST Carl Schwan wrote:
> I disagree. I want my tarball to be signed with my GPG key stored in my
> Yubiky and not by a generic KDE key. It should be a proof that I as a
> maintainer of a project did the release and not someone else. Same with the
> upload to
On Sunday, 19 February 2023 20:17:07 CET Shivodit wrote:
> I see, that's unfortunate. Maybe I'll take a look at it as a project
> outside of GSoC.
If you do this, many many users will be happy.
--
Marc Deop i Argemí
System Engineer
atch" option I would suggest to filter via the header: X-
GitLab-Commit-ID. But I will leave that to your preferences ;-)
Best,
--
Marc Deop i Argemí
System Engineer
make sure to consider Git Karma [1]
[1] http://karma-runner.github.io/4.0/dev/git-commit-msg.html
--
Marc Deop i Argemí
System Engineer
signature.asc
Description: This is a digitally signed message part.
make sure to consider Git Karma [1]
[1] http://karma-runner.github.io/4.0/dev/git-commit-msg.html
--
Marc Deop i Argemí
System Engineer
signature.asc
Description: This is a digitally signed message part.