[prev in list] [next in list] [prev in thread] [next in thread] 

List:       kde-devel
Subject:    Re: digital signatures for kde sources?
From:       Joanna Rutkowska <joanna () invisiblethingslab ! com>
Date:       2010-05-26 9:04:34
Message-ID: 4BFCE422.9080405 () invisiblethingslab ! com
[Download RAW message or body]

[Attachment #2 (multipart/signed)]


On 05/26/2010 10:54 AM, Andreas Pakulat wrote:
> On 26.05.10 02:50:18, Joanna Rutkowska wrote:
>> On 05/26/2010 02:31 AM, Michael Pyne wrote:
>>> As far as those who *do* package KDE (the Release Team) they have their own 
>>> mailing list where this idea would be better brought up (release-
>>> team@kde.org).
>>
>> But I need the signature from the original authors
>> (commiters/release-managers).
> 
> As was said, thats technically not feasible at the moment, let alone
> that it would increase the barrier of entry quite a bit for
> commit-access to KDE. We're very different here in comparison to the
> linux kernel as we have lots of people with access rights to the main
> repository, while in the case of the linux kernel basically only Linus
> merges stuff into the mainline repository. 
> 
> So signing the tarballs would be done with a KDE key by whoever does the
> release (thats one person usually right now). But this only covers the
> trunk/KDE/kde* modules, not any extragear and other apps as those are
> done by other people usually.
> 

Can you explain (or point me to an appropriate document) how is the
release process done in KDE project? Who decides that you're releasing a
particular version at a particular time? Who builds and uploads the
final stable tarball? Who hits the "Enter" button?

joanna.


["signature.asc" (application/pgp-signature)]

>> Visit http://mail.kde.org/mailman/listinfo/kde-devel#unsub to unsubscribe <<


[prev in list] [next in list] [prev in thread] [next in thread]