Hi all,

it's about time to finalize our signing policy to get all our packages
properly signed as soon as possible. Note that this is just about
signing the package itself. How we will manage our keyring and sign that
one using master keys is a different story.

At first please have a look at
https://wiki.archlinux.org/index.php/DeveloperWiki:Signing_Packages and
let me know if there is anything wrong or unclear. I would like to
present this little Howto to the TU so that community packages can be
signed as well.

To speed things up I'd like to let dbscripts enforce signed packages.
This means that from now on no new packages can be uploaded that don't
have a signature. We may give the TU a ew days mroe time as this will be
new to them.

If you just agree with all this send a +1.

Greetings,

Pierre

--
Pierre Schmitz, http://pierre-schmitz.com

Am 30.10.2011 14:12, schrieb Pierre Schmitz:
> To speed things up I'd like to let dbscripts enforce signed packages.
> This means that from now on no new packages can be uploaded that don't
> have a signature.

+1

> We may give the TU a ew days mroe time as this will be
> new to them.

-1 - they had more than enough time.

On 30 October 2011 14:22, Allan McRae <allan@archlinux.org> wrote:
> On 30/10/11 23:12, Pierre Schmitz wrote:
>>
>> If you just agree with all this send a +1.
>
> +1
>

Sounds good.

--
Guillaume

On 30/10/11 23:12, Pierre Schmitz wrote:

If you just agree with all this send a +1.


+1

On Sunday 30 October 2011 14:12:20 Pierre Schmitz wrote:
> Hi all,
>
> it's about time to finalize our signing policy to get all our packages
> properly signed as soon as possible. Note that this is just about
> signing the package itself. How we will manage our keyring and sign that
> one using master keys is a different story.
>
> At first please have a look at
> https://wiki.archlinux.org/index.php/DeveloperWiki:Signing_Packages and
> let me know if there is anything wrong or unclear. I would like to
> present this little Howto to the TU so that community packages can be
> signed as well.
>
> To speed things up I'd like to let dbscripts enforce signed packages.
> This means that from now on no new packages can be uploaded that don't
> have a signature. We may give the TU a ew days mroe time as this will be
> new to them.
>
> If you just agree with all this send a +1.

+1 to enforce signed packages. This has been discussed for months and creating
a key takes only a few seconds.

-t

Il 30/10/2011 14:12, Pierre Schmitz ha scritto:

Hi all,

it's about time to finalize our signing policy to get all our packages
properly signed as soon as possible. Note that this is just about
signing the package itself. How we will manage our keyring and sign that
one using master keys is a different story.

At first please have a look at
https://wiki.archlinux.org/index.php/DeveloperWiki:Signing_Packages and
let me know if there is anything wrong or unclear. I would like to
present this little Howto to the TU so that community packages can be
signed as well.

To speed things up I'd like to let dbscripts enforce signed packages.
This means that from now on no new packages can be uploaded that don't
have a signature. We may give the TU a ew days mroe time as this will be
new to them.

If you just agree with all this send a +1.


+1


--
Arch Linux Developer
http://www.archlinux.org
http://www.archlinux.it

On Sun, Oct 30, 2011 at 2:31 PM, Giovanni Scafora
<giovanni@archlinux.org> wrote:
> Il 30/10/2011 14:12, Pierre Schmitz ha scritto:
>>
>> Hi all,
>>
>> it's about time to finalize our signing policy to get all our packages
>> properly signed as soon as possible. Note that this is just about
>> signing the package itself. How we will manage our keyring and sign that
>> one using master keys is a different story.
>>
>> At first please have a look at
>> https://wiki.archlinux.org/index.php/DeveloperWiki:Signing_Packages and
>> let me know if there is anything wrong or unclear. I would like to
>> present this little Howto to the TU so that community packages can be
>> signed as well.
>>
>> To speed things up I'd like to let dbscripts enforce signed packages.
>> This means that from now on no new packages can be uploaded that don't
>> have a signature. We may give the TU a ew days mroe time as this will be
>> new to them.
>>
>> If you just agree with all this send a +1.
>
> +1
>
>
> --
> Arch Linux Developer
> http://www.archlinux.org
> http://www.archlinux.it
>

+1

Ronald

On Sun, Oct 30, 2011 at 02:12:20PM +0100, Pierre Schmitz wrote:
> Hi all,
>
> it's about time to finalize our signing policy to get all our packages
> properly signed as soon as possible. Note that this is just about
> signing the package itself. How we will manage our keyring and sign that
> one using master keys is a different story.
>
> At first please have a look at
> https://wiki.archlinux.org/index.php/DeveloperWiki:Signing_Packages and
> let me know if there is anything wrong or unclear. I would like to
> present this little Howto to the TU so that community packages can be
> signed as well.
>
> To speed things up I'd like to let dbscripts enforce signed packages.
> This means that from now on no new packages can be uploaded that don't
> have a signature. We may give the TU a ew days mroe time as this will be
> new to them.
>
> If you just agree with all this send a +1.
>
> Greetings,
>
> Pierre
>
> --
> Pierre Schmitz, http://pierre-schmitz.com

+1.

On 30.10.2011 14:12, Pierre Schmitz wrote:
> If you just agree with all this send a +1.

+1

PS: we should get a voting system

--
Florian Pritz

On 30 October 2011 14:14, Thomas Bächler <thomas@archlinux.org> wrote:
> Am 30.10.2011 14:12, schrieb Pierre Schmitz:
>> To speed things up I'd like to let dbscripts enforce signed packages.
>> This means that from now on no new packages can be uploaded that don't
>> have a signature.
>
> +1
>
>> We may give the TU a ew days mroe time as this will be
>> new to them.
>
> -1 - they had more than enough time.
I agree with Thomas, +1 about dbscripts. -1 about more time to the TUs.

--
Andrea