[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: gnupload and gpg2

From: Jim Meyering
Subject: Re: gnupload and gpg2
Date: Sat, 19 May 2018 16:44:50 -0700

On Sat, May 19, 2018 at 4:14 PM, Bruno Haible <address@hidden> wrote:
> Hi Jim,
>> The only thing I would have done differently would be to add
>> "FIXME-2020" or similar to your comment
> Why 2020? I wrote:
>   Ubuntu 2016.04 (which is supported until April 2021,
>   that is, 3 years from now), has `gpg --version` = 1.x.
> So, if it's supported until April 2021, you can assume some users will use
> it until 2025. In order to not gratuitously hurt these users, I would suggest
> keep this code until at least 2025.

Hi Bruno,

This is a tool by which one uploads signed tarballs to (usually) GNU
servers, presumably for mass distribution. As such, I think we are
justified in holding packagers/uploaders to a higher standard. At the
very least, we should feel justified in expecting that an uploader run
on a reasonably secure system: i.e., one that is still being

That said, you're welcome to change the comment however you'd like.

Thanks for all your help,

reply via email to

[Prev in Thread] Current Thread [Next in Thread]