Zsh Mailing List Archive
Messages sorted by:
Reverse Date,
Date,
Thread,
Author
Re: reproducing release tarball for 5.0.7
- X-seq: zsh-workers 33456
- From: Phil Pennock <zsh-workers+phil.pennock@xxxxxxxxxxxx>
- To: Peter Stephenson <p.w.stephenson@xxxxxxxxxxxx>
- Subject: Re: reproducing release tarball for 5.0.7
- Date: Mon, 13 Oct 2014 08:19:56 +0000
- Cc: zsh-workers@xxxxxxx
- Dkim-signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=spodhuis.org; s=d201408; h=In-Reply-To:Content-Type:MIME-Version:References:Message-ID:Subject:Cc:To:From:Date; bh=Zg7YeJdmmtpDeDm4QdpO0bkkRqPPHPHzcjRNlG7bkJU=; b=XvoMY2X4xVi+RUylhJq/QQv6sjpCimLXpCZZzEbIFPbMn/8on/HXYD59XbTfWrbm17bPJ9U2swZZfMqMa9Xra1xxbbdNZAdIbOdlEQwn+x6s73RHQBMEWMVHo7zvWSLZ5WtTtzg2YuQIaCMfkYURj+CN35iSki02MufG1/oDwIIkWTnOFmkitC2LdCk4P4ZES6m7mf9RNsBgusdi;
- In-reply-to: <20141012180013.0d8f1b2e@pws-pc.ntlworld.com>
- List-help: <mailto:zsh-workers-help@zsh.org>
- List-id: Zsh Workers List <zsh-workers.zsh.org>
- List-post: <mailto:zsh-workers@zsh.org>
- Mail-followup-to: Peter Stephenson <p.w.stephenson@xxxxxxxxxxxx>, zsh-workers@xxxxxxx
- Mailing-list: contact zsh-workers-help@xxxxxxx; run by ezmlm
- Openpgp: url=https://www.security.spodhuis.org/PGP/keys/0x4D1E900E14C1CC04.asc
- References: <20141009201629.GA10638@tower.spodhuis.org> <20141011001908.GA18706@ruderich.org> <20141012180013.0d8f1b2e@pws-pc.ntlworld.com>
On 2014-10-12 at 18:00 +0100, Peter Stephenson wrote:
[ PGP keys for zsh ]
>
> Could do, guess we need a new key for this.
Not really: role keys only make sense if there's a bunch of process and
control around their access and some people who can validate the key who
sign it to provide trust paths to the outside world. For open source
projects, IMO it makes more sense to just have individual maintainers
use their own keys.
I wrote this, as part of Exim's release process documentation:
https://github.com/Exim/exim/wiki/EximReleasePolicy#release-verification
and think it's a reasonable baseline for zsh too. Probably drop the
$project.org UID bit, since @zsh.org email addresses aren't really used
by individuals.
-Phil
Messages sorted by:
Reverse Date,
Date,
Thread,
Author