[SCM] ardour3/master: Don't sign tags.
Adrian Knoth
adi at drcomp.erfurt.thur.de
Wed Sep 4 23:12:31 UTC 2013
On Wed, Sep 04, 2013 at 07:38:33AM +0200, Jaromír Mikeš wrote:
> > > Don't sign tags.
> > >
> > > diff --git a/debian/gbp.conf b/debian/gbp.conf
> > > index 2c53314..8dd9bb3 100644
> > > --- a/debian/gbp.conf
> > > +++ b/debian/gbp.conf
> > > @@ -1,8 +1,5 @@
> > > -# Configuration file for git-buildpackage and friends
> > > -
> > > [DEFAULT]
> > > pristine-tar = True
> > > -sign-tags = True
> >
> > Why? I thought signing the import and release tags helps us establishing
> > a trust chain from the source to the final package.
> It has been discussed here
> http://lists.alioth.debian.org/pipermail/pkg-multimedia-maintainers/2013-June/032853.html
Thanks. So ~/.gbp.conf it is then. Makes sense.
Cheers
--
mail: adi at thur.de http://adi.thur.de PGP/GPG: key via keyserver
More information about the pkg-multimedia-maintainers
mailing list