openwhisk-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Matt Rutkowski <mrutkow...@apache.org>
Subject Re: should we enable signed commits on our github repos?
Date Tue, 10 Jul 2018 20:02:40 GMT
+1 no more hurdles, signed, tagged releases are just fine by me...

On 2018/07/10 16:22:46, Rodric Rabbah <rodric@gmail.com> wrote: 
> Thanks for the quick feedback - makes sense to try and keep frictionless.
> 
> It occurred to me while verifying the release - working with @vincent to
> publish his key to avoid this:
>    gpg: WARNING: This key is not certified with a trusted signature!
>    gpg:          There is no indication that the signature belongs to the
> owner.
> 
> Good enough for the release manager to go through that :)
> 
> -r
> 
> 
> 
> On Tue, Jul 10, 2018 at 12:14 PM, Michael Marth <mmarth@adobe.com.invalid>
> wrote:
> 
> > +1 to the hurdle. Even in complicated projects people (like me) like to
> > fix typos in READMEs
> >
> >
> > ´╗┐On 10.07.18, 17:46, "Rob Allen" <rob@akrabat.com> wrote:
> >
> >
> >     Personally, I only sign tags on the OSS projects I lead.
> >
> >     If you do it on a per-commit basis, it's yet another hurdle that a
> > contributor has to go through. That may not be a consideration for
> > OpenWhisk as it already is a complicated project for the inexperienced to
> > contribute to.
> >
> >     Regards,
> >
> >     Rob
> >
> >     > On 10 Jul 2018, at 16:41, Rodric Rabbah <rodric@gmail.com> wrote:
> >     >
> >     > Who knows why we haven't enabled signed commits on the apache repos -
> >     > should we require all commits to be signed?
> >     >
> >     > -r
> >     >
> >     > Ref: https://help.github.com/articles/signing-commits-using-gpg/
> >
> >
> >
> >
> >
> 

Mime
View raw message