V Fri, Sep 16, 2022 at 01:56:03PM -0400, Todd Zullinger napsal(a):
Kevin Fenzi wrote:
> On Fri, Sep 16, 2022 at 10:03:35AM +0200, Vít Ondruch wrote:
>> Isn't peer review much better and easier solution over all? We could also
>> require signed commits I guess.
>
> I think it would slow things down quite a lot to require peer review of
> every commit.
>
> I'd personally like to avoid anything where we need to support gpg.
> It's a mess and I think it would waste a lot of cycles explaining how to
> use it or help people get setup. ;( If there's some easier/more clear
> way to sign things that could be a option tho.
Since git-2.34 (released in November of last year), ssh may
be used for signing commits and/or pushes. That's likely a
bit simpler than gpg.
Is administrating SSH keys any easier (for a packager and for Fedora
infrastructure) than PGP keys?
-- Petr