Signing tags

Jonas Smedegaard jonas at homebase.dk
Sat Dec 3 13:16:13 UTC 2016


Excerpts from Jaromír Mikeš's message of December 3, 2016 1:38 pm:
> Is signing tags mandatory? ... According to our wiki page it is,
> but I saw that some DD removing "sign-tags = True" from gbp.conf file.
> So I adopted this practice too.
> 
> https://wiki.debian.org/DebianMultimedia/DevelopPackaging
> Tags should be created (and signed) by the uploading DD

I believe we should always sign tags, and I do not recall anyone
disagreeing with that.  Where we do not all agree is on how to ensure
that tags gets signed.

Some is of the opinion that signing should not be enabled by default in
packages, but instead be enabled in the build environment.  Reason for
that is, as I understand it, that it is difficult to disable pre-enabled
signing for more complex setups (e.g. building on one host and signing on another).

 - Jonas



More information about the pkg-multimedia-maintainers mailing list