So, any plans to start signing the pvops kernel commits? I''m really reluctant to build and sign, and then distribute, an RPM with the sources fetched from this repo, if I cannot verify they are authentic in any way. I can easily imagine packagers from other distributions would think similar. It''s really just a matter of signing Jeremy''s key with the "Xen.org master key" (0x79BAD9D8), and then typing git tag -s after every major commit, no? Thanks, joanna. _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
On Tue, Jun 08, 2010 at 01:52:07PM +0200, Joanna Rutkowska wrote:> So, any plans to start signing the pvops kernel commits? I''m really > reluctant to build and sign, and then distribute, an RPM with the > sources fetched from this repo, if I cannot verify they are authentic in > any way. I can easily imagine packagers from other distributions would > think similar. > > It''s really just a matter of signing Jeremy''s key with the "Xen.org > master key" (0x79BAD9D8), and then typing git tag -s after every major > commit, no?I don''t know whether we are truly at a release stage yet? (there are still tons of bugs). Or were you thinking more in terms of whenever Jeremy merges Greg KH''s stable 2.6.32 and then tag it? _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel
On 06/08/2010 03:37 PM, Konrad Rzeszutek Wilk wrote:> On Tue, Jun 08, 2010 at 01:52:07PM +0200, Joanna Rutkowska wrote: >> So, any plans to start signing the pvops kernel commits? I''m really >> reluctant to build and sign, and then distribute, an RPM with the >> sources fetched from this repo, if I cannot verify they are authentic in >> any way. I can easily imagine packagers from other distributions would >> think similar. >> >> It''s really just a matter of signing Jeremy''s key with the "Xen.org >> master key" (0x79BAD9D8), and then typing git tag -s after every major >> commit, no? > > I don''t know whether we are truly at a release stage yet? (there are > still tons of bugs). Or were you thinking more in terms of whenever > Jeremy merges Greg KH''s stable 2.6.32 and then tag it? >Yeah, whenever there is some bigger commit/merge, it would make sense to sign it. joanna. _______________________________________________ Xen-devel mailing list Xen-devel@lists.xensource.com http://lists.xensource.com/xen-devel