[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Savannah-hackers] savannah update
|
From: |
Loic Dachary |
|
Subject: |
Re: [Savannah-hackers] savannah update |
|
Date: |
Wed, 14 Jan 2004 00:08:24 +0100 |
Paul Fisher writes:
> Yesterday Jim started work on getting an upload system in place for
> the "files area" on savannah. We're porting over the upload system
> that's used for ftp.gnu.org, with the caveat that control files are
> not required. Each project will have its own incoming directory, and
> all uploaded files must be GPG signed. Jim is working on generation
> of per-project GPG keyrings today.
I do not understand why the uploaded files must be GPG signed.
The fact that they can be signed is a very, very good option, indeed.
I'm unsure about the rationale behind the "must". Please forgive me if
that is already explained in a previous mail or in a published
document.
The reason to implement such a system must be carefully
weighted because it will impose a learning curve to all projects
maintainers and generate a vast amount of support requests.
BTW, I very much understand why such a signature is required
for GNU or Debian. I'm unsure for all nongnu.org.
Cheers,
P.S. Could someone point me to the URL + software explaining the usage
of this system for ftp.gnu.org ?
--
Donate to FSF France online : http://rate.affero.net/fsffrance/
Loic Dachary, 12 bd Magenta, 75010 Paris. Tel: 33 1 42 45 07 97
http://www.fsffrance.org/ http://www.dachary.org/loic/gpg.txt
[Savannah-hackers] Re: savannah update, James E. Blair, 2004/01/13
Re: [Savannah-hackers] savannah update (signed upload), Vincent Caron, 2004/01/14