[openstack-dev] Fwd: [Openstack-devel] PGP key signing party during the HK summit

Monty Taylor mordred at inaugust.com
Sun Sep 22 00:17:19 UTC 2013



On 09/20/2013 02:33 AM, Thomas Goirand wrote:
> 
> Hi,
> 
> Has anyone thought about having a PGP key signing party during the
> summit? Guys from the Linux kernel thought it was useless, but after the
> hack of kernel.org, they started to understand it was useful, and now
> they do have a "web of trust". As a package maintainer, I would very
> much like to have a signing event during the next HK summit, and collect
> signatures so that I can check the pgp signed tags, which to my very
> satisfaction, starts to appear for every package release (not sure if
> this comes from the fact I've been annoying everyone about it in this
> list, though that's a very good thing).

As a note, actually, it is impossible now to make an OpenStack release
without a signed tag - the process of releasing itself is triggered only
by signed tags.

So yes - I fully support developing a keyring.



More information about the OpenStack-dev mailing list