Future releases
Jonathan Riddell
jr at jriddell.org
Tue Dec 20 11:39:35 GMT 2016
On 20 December 2016 at 11:29, Dag <danders at get2net.dk> wrote:
>> Any pgp key will do, the only requirement is a packager like myself
>> can verify it's the one the Calligra devs used which is usually done
>> by putting it on a pgp key server and putting the full fingerprint on
>> the release announcement web page and/or e-mails (not on a wiki as
>> Kirigami devs like to do).
>
> Thought that was what the trust part should do, anybody could create a key
> and say they where a calligra dev.
> OTOH probably some of us would protest if calligra was released and none of
> us knew about it ;)
Put it on a trusted place like calligra.org and voila, it's trusted.
It's important to include in any announcement to packagers though so
we know what key we should be looking for.
See for example my key on https://www.kde.org/info/plasma-5.8.0.php
I do share Boud's frustration with gpg-agent, it's a tricksy beastie
which sometimes works and sometimes doesn't. But it should be possible
to turn it off and just enter any password in directly.
>>> 7. Notify packagers and wait some time (a week?) for feedback
>>
>>
>> A week feels a bit much to me but as you wish
>
> Less is more in this case. What would you suggest would be enough?
Both Plasma and Applications seem to use Thursday to Tuesday.
Frameworks leaves a week still. With automated testing there
shouldn't be a need for so long is the thinking these days.
Jonathan
More information about the calligra-devel
mailing list