openwhisk-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Rodric Rabbah <rod...@gmail.com>
Subject Re: should we enable signed commits on our github repos?
Date Tue, 10 Jul 2018 16:22:46 GMT
Thanks for the quick feedback - makes sense to try and keep frictionless.

It occurred to me while verifying the release - working with @vincent to
publish his key to avoid this:
   gpg: WARNING: This key is not certified with a trusted signature!
   gpg:          There is no indication that the signature belongs to the
owner.

Good enough for the release manager to go through that :)

-r



On Tue, Jul 10, 2018 at 12:14 PM, Michael Marth <mmarth@adobe.com.invalid>
wrote:

> +1 to the hurdle. Even in complicated projects people (like me) like to
> fix typos in READMEs
>
>
> ´╗┐On 10.07.18, 17:46, "Rob Allen" <rob@akrabat.com> wrote:
>
>
>     Personally, I only sign tags on the OSS projects I lead.
>
>     If you do it on a per-commit basis, it's yet another hurdle that a
> contributor has to go through. That may not be a consideration for
> OpenWhisk as it already is a complicated project for the inexperienced to
> contribute to.
>
>     Regards,
>
>     Rob
>
>     > On 10 Jul 2018, at 16:41, Rodric Rabbah <rodric@gmail.com> wrote:
>     >
>     > Who knows why we haven't enabled signed commits on the apache repos -
>     > should we require all commits to be signed?
>     >
>     > -r
>     >
>     > Ref: https://help.github.com/articles/signing-commits-using-gpg/
>
>
>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message