
On Thu, Jan 12, 2017 at 08:17:14AM +0100, Michal Simek wrote:
On 12.1.2017 08:13, Masahiro Yamada wrote:
2017-01-12 15:42 GMT+09:00 Michal Simek <michal.simek@xilinx.com>:
On 11.1.2017 17:28, Tom Rini wrote:
On Wed, Jan 11, 2017 at 09:59:29AM +0100, Michal Simek wrote:
Hi Tom,
here are changes I have collected. Travis is not reporting any issue. I have also started to use signed tags to be clear what to take.
Ah, signed tags. How much more work is that on your end?
Almost nothing, just git tag -s and write some stuff. arm-soc started to use that a long time ago, which is why, once you set it up, there is no issue. Maybe it is a good time to consider moving to the same model.
Interesting.
Maybe, will we have a key signing party at the next U-Boot mini summit? The GPG certificate can be checked only when we have the chain of trust.
Tom probably has my key already from the past. The U-Boot mini summit is definitely a good opportunity for this.
One more difference for pulling a tag commit is that git always creates a merge commit even if the pull request is sitting on top of the upstream tree.
It is up to Tom what flow he wants to use and how those merge commits will look.
So, I've thought about this a bit more. To me, at least initially, the web of trust isn't as important as the information (and so history) that's in the signed tags about what's coming in. I want us to have better release notes about what has changed and I think tags will help. I'm not going to make it mandatory right now, I'd like people to try it out and see what they think. A look over https://www.kernel.org/pub/software/scm/git/docs/howto/using-signed-tag-in-p... may help people that haven't done it before.
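
Added illustration, not part of the thread: a throwaway reproduction of the two behaviours discussed above, that pulling a tag creates a merge commit even when a fast-forward is possible, and that the tag message ends up in that merge commit. The repository names, tag name and messages are constructed, and an annotated tag (git tag -a) stands in for a signed one (git tag -s) so the script runs without a GPG key.

```shell
#!/bin/sh
# Constructed demo: temporary repositories only, nothing from the U-Boot tree.
# Assumption: an annotated tag (-a) is used instead of a signed tag (-s) so no
# GPG key is needed; both are tag objects and are merged the same way.

demo_tag_pull() {
    work=$(mktemp -d) || return 1
    export GIT_AUTHOR_NAME=Demo GIT_AUTHOR_EMAIL=demo@example.invalid
    export GIT_COMMITTER_NAME=Demo GIT_COMMITTER_EMAIL=demo@example.invalid

    # "upstream" tree with a single commit
    git init -q "$work/upstream" &&
    git -C "$work/upstream" commit -q --allow-empty -m "upstream base" || return 1

    # Contributor clones it, adds one commit directly on top, and tags it.
    git clone -q "$work/upstream" "$work/contrib" &&
    git -C "$work/contrib" commit -q --allow-empty -m "board: fix foo" &&
    git -C "$work/contrib" tag -a demo-for-v1 -m "Demo changes for v1

- board: fix foo" || return 1

    # Maintainer pulls the tag by name. A fast-forward would be possible here,
    # but git records a merge commit because the thing being merged is a tag.
    git -C "$work/upstream" pull -q --no-rebase --no-edit \
        "$work/contrib" demo-for-v1 || return 1

    # Report the parent count and message of the resulting HEAD commit.
    parents=$(git -C "$work/upstream" log -1 --format=%P | wc -w | tr -d ' ')
    echo "parents=$parents"
    git -C "$work/upstream" log -1 --format=%B
    rm -rf "$work"
}

demo_tag_pull
```

With a real signed tag, git tag -v <tag> on the fetched tag (or git log --show-signature on the merge) checks the signature, which only means something once the signer's key is trusted, as the thread notes.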