openwhisk-dev mailing list archives

From Bertrand Delacretaz <bdelacre...@apache.org>
Subject Re: should we enable signed commits on our github repos?
Date Thu, 12 Jul 2018 14:25:08 GMT
Hi,

On Tue, Jul 10, 2018 at 6:23 PM Rodric Rabbah <rodric@gmail.com> wrote:
> ...working with @vincent to
> publish his key to avoid this:
>    gpg: WARNING: This key is not certified with a trusted signature!
>    gpg:          There is no indication that the signature belongs to the
> owner....

I'm not sure if this is related to GitHub; AFAIK what's happening is
that Vincent's GPG key is not signed by other people in a way that
creates a chain of signatures to your own key.

We usually have key signing events at Apache conferences, see
https://www.apache.org/dev/release-signing.html#key-signing-party and
the following sections.

-Bertrand
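
The validity rule behind the gpg warning quoted above, as an added example that is not part of the original message: a simplified model of GnuPG's classic web-of-trust calculation with its documented defaults (one fully trusted or three marginally trusted certifiers, path of at most five steps). The key names, certifications and ownertrust values are constructed for illustration.

```python
from collections import defaultdict

COMPLETES_NEEDED = 1  # GnuPG default for --completes-needed
MARGINALS_NEEDED = 3  # GnuPG default for --marginals-needed
MAX_CERT_DEPTH = 5    # GnuPG default for --max-cert-depth


def valid_keys(own_key, certifications, ownertrust):
    """Return {key: depth} for every key that is valid as seen from own_key.

    certifications: iterable of (signer, signed) pairs.
    ownertrust: {key: "full" | "marginal"}; absent keys are untrusted signers.
    """
    signers_of = defaultdict(set)
    for signer, signed in certifications:
        signers_of[signed].add(signer)

    trust = {**ownertrust, own_key: "ultimate"}
    depth = {own_key: 0}
    for level in range(1, MAX_CERT_DEPTH + 1):
        newly_valid = []
        for key, signers in signers_of.items():
            if key in depth:
                continue
            # Only certifications made by keys that are already valid count.
            usable = [s for s in signers if s in depth]
            full = sum(trust.get(s) in ("ultimate", "full") for s in usable)
            marginal = sum(trust.get(s) == "marginal" for s in usable)
            if full >= COMPLETES_NEEDED or marginal >= MARGINALS_NEEDED:
                newly_valid.append(key)
        if not newly_valid:
            break
        for key in newly_valid:
            depth[key] = level
    return depth


# Constructed sample: "you" verify a commit signed by "committer".
OWNERTRUST = {"attendee": "full"}
BEFORE_PARTY = [("you", "attendee"), ("stranger", "committer")]
AFTER_PARTY = BEFORE_PARTY + [("attendee", "committer")]

if __name__ == "__main__":
    # No chain to your key: gpg would print the "not certified" warning.
    print("committer" in valid_keys("you", BEFORE_PARTY, OWNERTRUST))
    # A fully trusted attendee has certified the committer's key.
    print(valid_keys("you", AFTER_PARTY, OWNERTRUST))
```
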
