[LEDE-DEV] Proposal to sign all commits
Kus
kushaldeveloper at gmail.com
Fri May 6 08:55:57 PDT 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
> Regarding signing commits with GPG key, it would be nice to recommend it but making it a requirement sounds like a barrier.
I'd argue such a barrier is OK if we want to quickly increase the size of the team of people with commit access. I think we're underestimating our contributors here. I agree that we shouldn't have unnecessary barriers (such as copyright assignment to give a specific example).
I am getting mixed signals here though. Some people say requiring signing causes friction and limits participation. Others say that there will only be a couple of people who will ever have commit access so signing is unnecessary.
I don't want to take too much time here because signing commits is a lower priority compared to doing the actual work of writing code/documentation (including a wiki), increasing/maintaining test coverage, and setting up automatic signed builds and so on (being discussed in separate threads).
I don't think there's a definite right or wrong answer here as long as we understand and accept the trade offs.
Sincerely,
-----BEGIN PGP SIGNATURE-----
Version: APG v1.1.1
iQJRBAEBCgA7BQJXLL6NNBxLdXNoYWwgSGFkYSAoZGV2ZWxvcGVyKSA8a3VzaGFs
ZGV2ZWxvcGVyQGdtYWlsLmNvbT4ACgkQJsInd2b1xmPv9w/+Km0COpDHFHWjahVX
XCGZdokz4BZn41ZF54R4z7iyexzZ9uviLJfQyftHODHYCvdl/P+zA3WYX2nyEQ5j
zDIkXuGKmrG68zt55Y2layVgOrqJ3BswwdkFhG7mFEyvTJQDWYp50F6a9JjURZmB
x1YCUO7fQidrmjOYdE9omEeJCBukujGtBFG1i2YxGPHA8hWANxB+hZD5AZHouNto
i5YG7ssjJXusdoCtReIxUsimUwQ6s5IqSiOSZPwlGGl3lTj4rVcQtUNZzTlwBRsL
3VEAAlXNd6Kl0oKaet9wVJNwiF3nrDiLAgwTjS2T5ZIe5l4+TwcSAsN3xJUAe1tx
7ysWFEbgYNLxXuI8cvEXr9g9n7BW3QnbgQzpgadjQisGeIOzwsCirpGKrSBJDXVP
RDClZQe9FhJ4edxgWig4htvH4eHsyyzic0RDaG+70aSNlWS4gVniAZ+dvn4cxnlF
22v7Ryl/Sb3dmhub2bQVVP4TZyYityNNfyW74cODj4mx2cYYwEhVEIAbvKz+ZE7r
D6T2svtOSJpaPBGKL4JGhXxdwo6UZJucA13h3nrxYH+nHlm6v0xHWkV955LyP976
SYS7Nw6Opw0L66L5jAJjQ3z6+YAabd00AmxWMnL6pMJk3k8sY8sH45CLghCvQNzr
xeFklDOsle8MwWAuuBb9CMB1OLI=
=bVJi
-----END PGP SIGNATURE-----
More information about the Lede-dev
mailing list