Re: [task #4633] GPG-Signed Commits

From: Jim Hyslop
Subject: Re: [task #4633] GPG-Signed Commits
Date: Mon, 19 Sep 2005 11:29:45 -0400
User-agent: Mozilla Thunderbird 1.0.6 (Windows/20050716)

Derek Price wrote:
> One more thought on planning this feature, this is important enough to
> go into the stable release series, I think, but we are awfully close to
> being able to bless feature as stable anyhow.
>
> Would there be any objections to GPG-signed commits going into stable as
> things stand?
>
> Would there be any objections to 1.12.x being blessed as stable after
> adding GPG-signed commits, importing an updated diffutils, possibly
> completing the commitid stuff, and maybe an RC release or two?

Since security measures usually improve (or are completely disproved) with wide-spread review, I'd be disinclined to add it into the current stable release without at least _some_ field trials to make sure the approach is correct and bug-free.

I'd feel better with the second approach - add it to 1.12.x, with the other changes, produce as many RC releases as are required to get it right, then (hallelujah!) declare 1.12 released.


