View Issue Details
|ID||Project||Category||View Status||Date Submitted||Last Update|
|0006227||Taler||deployment and operations||public||2020-05-01 04:10||2020-07-24 11:56|
|Target Version||0.8||Fixed in Version||0.8|
|Summary||0006227: Please evaluate weblate GPG signing|
|Description||Issue: in a message to me Christian said "I believe the automated push of Weblate will NOT work with our policy on GnuPG signed commits"|
It looks like Weblate supports GPG-signed commits: https://docs.weblate.org/en/latest/admin/optionals.html?highlight=spam#signing-git-commits-with-gnupg
Does this comport with our policy of GPG-signed commits? :https://docs.taler.net/developers-manual.html#committing-code
It seems to, at least in theory, but there is also a degree to which GPG signatures represent a human "signing off" on a commit, and that would be lost with an automated commit.
Please assign to me if you want me to pursue.
|Tags||No tags attached.|
Function added. Maybe we just see how it works? Unless you don't want an automatic signature in principle.
Oh, wow. Cool. While that's obviously not as, eh, meaningful as a human signature, it should do. After all, it's easy for a security audit to check that all commits made by the Weblate GnuPG key are on .po files. So I think that's totally acceptable for us!
So please do deploy!
|2020-05-01 04:10||buckE||New Issue|
|2020-05-01 04:10||buckE||Status||new => assigned|
|2020-05-01 04:10||buckE||Assigned To||=> Christian Grothoff|
|2020-05-01 04:26||buckE||Note Added: 0015819|
|2020-05-01 07:59||Christian Grothoff||Assigned To||Christian Grothoff => buckE|
|2020-05-01 08:00||Christian Grothoff||Note Added: 0015821|
|2020-05-01 08:37||buckE||Status||assigned => resolved|
|2020-05-01 08:37||buckE||Resolution||open => fixed|
|2020-05-01 08:37||buckE||Note Added: 0015823|
|2020-07-24 11:56||Christian Grothoff||Target Version||=> 0.8|
|2020-07-24 11:56||Christian Grothoff||Fixed in Version||=> 0.8|