[opam-devel] more committers needed ?

Hannes Mehnert hannes at mehnert.org
Wed Mar 30 12:15:34 BST 2016


uhm, this is very much into dreamland right now (since the first step
of signing integration isn't done yet)...

On 30/03/2016 13:03, Anil Madhavapeddy wrote:
> That actually sounds like the perfect workflow for signing... if there was some way to sign it (perhaps keybase.io via JavaScript) without a CLI, it would be much more widely adopted.

does this propose that you want people to store their private keys
online on the internet (certainly password-protected)?  I'm uneasy with
that (and would prefer to store the private keys on the people's
laptops, rather than online).

>> On 30 Mar 2016, at 12:02, Louis Gesbert <louis.gesbert at ocamlpro.com> wrote:
>> More simply, the mechanism could do all the work, and poll the package 
>> maintainer for a signature (assuming he wouldn't sign without actually 
>> checking?). Something like a mail with instructions and archive + cryptohash
>> to verify, then a command to run and it's done.

this sounds good to me, a mail where the developer has to invoke some
command-line utility locally to generate a signature, and resubmit this
via mail (well, or git as a first step).



hannes
