[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Upcoming 0.26.0, please review release notes

From: Ivan Vučica
Subject: Re: Upcoming 0.26.0, please review release notes
Date: Fri, 08 Dec 2017 10:55:14 +0000


Thanks for checking in. Sorry for not being fully clear.

On Fri, Dec 8, 2017, 10:18 Yavor Doganov <address@hidden> wrote:
В Thu, 07 Dec 2017 22:57:39 +0000, Ivan Vučica написа:

> Actual signature *will* be performed with the correct maintainer GPG
> key!

I don't quite understand this sentence -- does it mean that the actual
tag/release at the official GitHub GNUstep repository will be signed
with the GNUstep maintainer key and you only used your key for the
preview release?  If so, it makes perfect sense.

I will sign the tag with my personal key (otherwise GH would not display it as verified) and I will sign the tarball with the shared maintainer key, as is the usual practice.

If I understood everything correctly, the .tar.gz and the accompanied
.sig as generated from the git tag on GitHub will be exactly the same
as those published at  How quickly will the files
propagate to  Do we (Debian) have to adjust the
(tar.gz/.sig) location to GitHub or we can continue to use

Please use as the primary distribution point.

Anything published on Github is merely a convenience. Long-term plan is still to move away from Github as the main repo due to concerns in the community. No time estimates on that, however.

The change is simply in the build process, and an additional secondary distribution point.

P.S.  I'd suggest to advertise widely this new feature of GNUstep Make
      and recommend that all developers GPG-sign their releases.

My understanding is that was already the practice for GNUstep core project? :-)

What I mean is: we are already supposed to sign the tarballs.

The only new thing is signing tags, which I'm doing more for fun than anything else: we have not discussed moving to git repository as the primary source of releases (nor would I really see many advantages to moving away from GNU practices in such a way). :-)

reply via email to

[Prev in Thread] Current Thread [Next in Thread]