Consider signing tags and releases #232
Comments
|
@fossfreedom is this necessary? |
|
It's not an absolute requirement. Debian encourage upstream maintainers to do so. Some are quite willing. Some do not. I have to ask the question because debian will ask me what upstream intend or do not intend to do Get Outlook for Android On Wed, Jun 8, 2016 at 5:28 PM +0100, "Sam Hewitt" notifications@github.com wrote: @fossfreedom is this necessary? You are receiving this because you were mentioned. |
|
To be fair this is just an icon theme there's nothing really that would benefit from the gpg signing. (I will not get Outlook for Android) |
|
Ok cheers😃 |
|
quick update - both faba and moka have now been accepted into Debian Unstable. These should flow into Debian derivatives such as Ubuntu 16.10 automatically now. If you can do me a favour please? When you release a new version of faba and moka - please can you ping me so that I can update Debian. Cheers |
Hi there,
I'm looking at pushing this as a package into Debian (and hence all Debian derived distros such as Ubuntu).
One of the usual questions asked is for consideration that upstream sign both tags and releases in future releases.
signing github releases
gpg signing
Apparently Debian's policy is also to encourage upstream to sign commits, tags and releases to provide assurance of the stuff being built.
Hence the question - would you consider signing tags and releases in future?
The text was updated successfully, but these errors were encountered: