|
From: | Jim Hyslop |
Subject: | Re: [task #4633] GPG-Signed Commits |
Date: | Mon, 19 Sep 2005 11:29:45 -0400 |
User-agent: | Mozilla Thunderbird 1.0.6 (Windows/20050716) |
Derek Price wrote:
One more thought on planning this feature, this is important enough to go into the stable release series, I think, but we are awfully close to being able to bless feature as stable anyhow. Would there be any objections to GPG-signed commits going into stable as things stand? Would there be any objections to 1.12.x being blessed as stable after adding GPG-signed commits, importing an updated diffutils, possibly completing the commitid stuff, and maybe an RC release or two?
Since security measures usually improve (or are completely disproved) with wide-spread review, I'd be disinclined to add it into the current stable release without at least _some_ field trials to make sure the approach is correct and bug-free.
I'd feel better with the second approach - add it to 1.12.x, with the other changes, produce as many RC releases as are required to get it right, then (hallelujah!) declare 1.12 released.
-- Jim
[Prev in Thread] | Current Thread | [Next in Thread] |