skribilo-users
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Signing key for 0.10.0


From: Ludovic Courtès
Subject: Re: Signing key for 0.10.0
Date: Mon, 10 Jul 2023 23:24:48 +0200
User-agent: Gnus/5.13 (Gnus v5.13) Emacs/28.2 (gnu/linux)

Hi,

Arun Isaac <arunisaac@systemreboot.net> skribis:

> Thanks for reporting this! The new signing key is mine. I joined the
> skribilo team recently as a maintainer, and made the latest release. So,
> I signed it with my key. But, I see this is probably not the best
> idea. It would cause quite a lot of confusion everytime we have new
> maintainers on the team.
>
> @Ludo: How should we best handle release signatures? Should we resign
> the latest release with your key?

I don’t think so, it’s all fine IMO.  (Note that procedures that apply
to GNU don’t apply here since it’s a non-GNU project; in particular, the
GNU keyring is about GNU release signatures.)

That said, we could/should introduce ‘.guix-authorizations’ and all
that for safe updates at the Git level.

WDYT?

Thanks,
Ludo’.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]