> On Jul 26, 2019, at 12:06 PM, Nathan Hartman <hartman.nathan_at_gmail.com> wrote:
>
>> On Fri, Jul 19, 2019 at 6:03 PM Daniel Shahaf <d.s_at_daniel.shahaf.name> wrote:
>
>> Nathan Hartman wrote on Fri, 19 Jul 2019 17:32 +00:00:
>> > I meant is there a script that generates the list of dependencies
>> > actually used on the test system. E.g., as in this testing/signing
>> > message from a prior release:
>> >
>> > https://svn.haxx.se/dev/archive-2019-04/0012.shtml
>> >
>> > Because even though I'm not signing, I'd like to report what was actually used.
>>
>> There's 'svn --version --verbose', and I think stsp's distro (tools/dev/unix-build/)
>> has a target for this too, but beyond that, I don't think there's a single script
>> you can use. Many developers use Debian derivatives, though; perhaps one of
>> them will share a script you can use.
>>
>> People usually report what test combinations they ran. (That basically
>> means what FS backend and RA layer you tested. If you set any relevant
>> 'make'- or 'make check'-time knobs, it's useful to say that, too.)
>>
>> Also, I can't think of a reason why you shouldn't sign the tarballs.
>>
>> Thanks for testing,
>>
>> Daniel
>
> Thanks. That does make it much easier to include the dependency info
> for future tests.
>
> I was under the impression that a signature is only meaningful when the
> signer is a committer. :-)
>
> Glad to help. Thanks to everyone for the latest Subversion releases!
The signature only counts as a binding vote for the release when it is from a committer but in terms of strengthening the web of trust we ought to accept a signature from anyone.
Mark
Received on 2019-07-26 18:09:02 CEST