signing with proxied maintainers
-----BEGIN PGP SIGNED MESSAGE-----
On 03/25/11 17:02, Mike Frysinger wrote:
> once we move to git, the workflow for proxy maintainers is going to be
> a lot smoother. the question is how to handle signing with proxy
> it would be nice if said proxied maintainers would sign things and
> that would be preserved all the way to the push to the common server.
> - Gentoo dev doing the proxy can pull, look at the commits, and then push
> - proxied maintainers need to set up pgp too
> - we need to have another list of keys to accept outside of the
> existing Gentoo dev list
> - easy to miss if commit was made through repoman, or on an older tree
> the other method would be that a Gentoo dev pulls the changesets and
> then runs `repoman commit` himself.
> - proxied maintainers need not think of pgp at all
> - we only need the original Gentoo dev key list
> - the Gentoo dev knows immediately if there's a repoman problem
> - workflow not as smooth
> i thinking about this last bit, i wonder if that could simply be
> addressed in repoman itself ? we could add a "repoman push" command
> that compared the remote branch to the local one to find out all the
> packages that have been updated, go into each one and rebuild just the
> Manifest, and then do the `git push`.
- From my point of view, we should be using something close to the second
one regardless. Dev's should be checking the works of proxy committers
anyway, so running repoman should already be part of that workflow.
Secondly, I like that last idea. Except I'd amend that it should run
repoman full; warn if anything is wrong, then repoman manifest etc.
Dane Smith (c1pher)
Gentoo Linux Developer -- QA / Crypto / Sunrise / x86
RSA Key: http://pgp.mit.edu:11371/pks/lookup?search=0x0C2E1531&op=index
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.17 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
-----END PGP SIGNATURE-----