On Thu, Apr 28, 2016 at 12:06:56PM -0700, Junio C Hamano wrote:

> Jeff King <peff@xxxxxxxx> writes:
>
> > On Thu, Apr 28, 2016 at 09:09:44AM -0700, Stefan Beller wrote:
> >
> >> > I think the key thing with a blacklist is somebody has to go to the work
> >> > to audit the existing keys.
> >>
> >> Would it be sufficient to wait until someone screams at the mailing list
> >> for some key to be blacklisted? (I mean in the short term that would be
> >> of less quality, but relying on the larger community would result in a better
> >> end result? So your going through is just a jump start this process of
> >> listening to the community?)
> >
> > Yeah, I think ultimately we will rely on the community. But I would feel
> > a lot more comfortable if somebody made at least a single pass.
> >
> > I'll be curious what Junio says, too. I generally defer to him on how
> > conservative we want to be in cases like this.
>
> Starting from an empty whitelist and waiting for people to scream
> with valid use cases would automatically give us the single pass to
> identify the set of essential ones that users must be able to pass,
> no?

It's definitely sufficient, it's just annoying if a user shows up every
week and says "I want X.Y", and then somebody else shows up a week later
and says "I want X.Z". Are we serving any purpose in vetting each one
(and if so, what)?

-Peff