
Re: 1.8.0-rc2 up for testing/signing

From: Daniel Shahaf <danielsh_at_elego.de>
Date: Wed, 15 May 2013 04:46:07 +0300

Mark Phippard wrote on Tue, May 14, 2013 at 17:03:48 -0400:
> I am still getting those test failures in the svnrdump and svnsync
> tests. Given that the tests work for others, I would guess this is
> something odd about my machine setup. I manually did an svnsync to
> confirm the binary worked.
> In the svn:// and http:// tests I have a couple of additional failures
> I have not looked at yet that might be due to running the tests in
> parallel.
> Should I just sign the release and then leave it up to Ben if he wants
> to count my signature towards the Windows total, or just not sign it
> at all?

Signing the tarballs achieves two purposes:

1. It communicates to the community (including users) that you are +1 on
   that tarball being GA quality.

2. It allows people who download a tarball to establish a chain of trust
   back to a Subversion committer.

The former is sensitive to those "additional failures" you mention. The
latter isn't. That said, if you have signed the PGP keys of developers
who will sign the release, the marginal advantage to 'gpg --verify'iers
of your signature is minimal --- i.e., the latter goal isn't helped much.

Does that make sense?

Received on 2013-05-15 03:46:47 CEST

This is an archived mail posted to the Subversion Dev mailing list.
