[opam-devel] opam repository signing

Hannes Mehnert hannes at mehnert.org
Thu Feb 16 23:42:45 GMT 2017


I finally released conex [1], to be used for signing package release,
and verification of repositories.  Earlier I analysed all PRs to the
opam repository within the last 4.5 years and found actual maintainers
of packages [2].

A getting started guide is available at
https://hannes.nqsb.io/Posts/Conex - we need to decide on team members
(all teams are empty right now), especially janitors.

Feedback is appreciated, as usual,

hannes


1: https://github.com/ocaml/opam-repository/pull/8493 , API doc at
https://hannesm.github.io/conex/doc/
2: https://github.com/ocaml/opam-repository/pull/8494 , see
https://hannes.nqsb.io/Posts/Maintainers for details

PS: my key fingerprint is ht9ztjjDwWwD/id6LSVi7nKqVyCHQuQu9ORpr8Zo2aY=
(in case someone wants to verify and approves of my OpenPGP signature
and key)

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://lists.ocaml.org/pipermail/opam-devel/attachments/20170216/cb980a8b/attachment.sig>


More information about the opam-devel mailing list