WARNING - OLD ARCHIVES

This is an archived copy of the Xen.org mailing list, which we have preserved to ensure that existing links to archives are not broken. The live archive, which contains the latest emails, can be found at http://lists.xen.org/
   
 
 
Xen 
 
Home Products Support Community News
 
   
 

xen-devel

[Xen-devel] pvops0 git tree signing?

To: "xen-devel@xxxxxxxxxxxxxxxxxxx" <xen-devel@xxxxxxxxxxxxxxxxxxx>
Subject: [Xen-devel] pvops0 git tree signing?
From: Joanna Rutkowska <joanna@xxxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 08 Jun 2010 13:52:07 +0200
Delivery-date: Tue, 08 Jun 2010 04:49:08 -0700
Dkim-signature: v=1; a=rsa-sha1; c=relaxed/relaxed; d=messagingengine.com; h=message-id:date:from:mime-version:to:subject:content-type; s=smtpout; bh=qEugO26oYKYNOUIHB5FNdeAv7Co=; b=s2m2mP19vTzAIaF5VL6WukruDFdgb0dx+EMr7qwpg3gg4lprj/H5DNGGPHsulH0MpObydBPRwU4xbnsWtzCalOW2RDs2whpCphddGjiFFZnDpcdgpd14rOEJ7I0qFkZKlpC9AksXb8yZAjLDfeUwK4JTFYH2mZQmFji6NyWBezo=
Envelope-to: www-data@xxxxxxxxxxxxxxxxxxx
List-help: <mailto:xen-devel-request@lists.xensource.com?subject=help>
List-id: Xen developer discussion <xen-devel.lists.xensource.com>
List-post: <mailto:xen-devel@lists.xensource.com>
List-subscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=subscribe>
List-unsubscribe: <http://lists.xensource.com/mailman/listinfo/xen-devel>, <mailto:xen-devel-request@lists.xensource.com?subject=unsubscribe>
Sender: xen-devel-bounces@xxxxxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1.9) Gecko/20100330 Fedora/3.0.4-1.fc12 Lightning/1.0b2pre Thunderbird/3.0.4
So, any plans to start signing the pvops kernel commits? I'm really
reluctant to build and sign, and then distribute, an RPM with the
sources fetched from this repo, if I cannot verify they are authentic in
any way. I can easily imagine packagers from other distributions would
think similar.

It's really just a matter of signing Jeremy's key with the "Xen.org
master key" (0x79BAD9D8), and then typing git tag -s after every major
commit, no?

Thanks,
joanna.

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
Xen-devel mailing list
Xen-devel@xxxxxxxxxxxxxxxxxxx
http://lists.xensource.com/xen-devel
<Prev in Thread] Current Thread [Next in Thread>