[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: ELPA update

From: Julien Danjou
Subject: Re: ELPA update
Date: Wed, 28 Sep 2011 16:00:04 +0200
User-agent: Gnus/5.110018 (No Gnus v0.18) Emacs/24.0.90 (gnu/linux)

On Wed, Sep 28 2011, Ted Zlatanov wrote:

> To that end it would also be nice if we asked committers to sign their
> contributions with their private GPG key, but I don't know if Bazaar
> supports that.  If they did, we could have a list of approved public GPG
> keys for any given package and contributions signed with those could be
> automatically approved.  This is just a proposal though, I don't know
> the best way to do it.

I though people having commit access to ELPA were already trusted, since
they got their write access SSH authentified?

> Most of us don't know how to run a package repository, so maybe we
> should look at the Debian maintainers' process or ask them if we don't
> have the local expertise.

Well, there's no manual review of packages already present in the
archive at Debian. Only new packages got reviewed (for licensing issue

Julien Danjou

Attachment: pgpyVav8kWI5J.pgp
Description: PGP signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]