V Fri, Sep 16, 2022 at 01:56:03PM -0400, Todd Zullinger napsal(a): > Kevin Fenzi wrote: > > On Fri, Sep 16, 2022 at 10:03:35AM +0200, Vít Ondruch wrote: > >> Isn't peer review much better and easier solution over all? We could also > >> require signed commits I guess. > > > > I think it would slow things down quite a lot to require peer review of > > every commit. > > > > I'd personally like to avoid anything where we need to support gpg. > > It's a mess and I think it would waste a lot of cycles explaining how to > > use it or help people get setup. ;( If there's some easier/more clear > > way to sign things that could be a option tho. > > Since git-2.34 (released in November of last year), ssh may > be used for signing commits and/or pushes. That's likely a > bit simpler than gpg. > Is administrating SSH keys any easier (for a packager and for Fedora infrastructure) than PGP keys? -- Petr
Attachment:
signature.asc
Description: PGP signature
_______________________________________________ devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
