| Message ID | 20220808145008.26162-2-michael@niedermayer.cc |
|---|---|
| State | Accepted |
| Commit | 05225180bea208dfd81efac327e429711a963697 |
| Headers | show |
| Series | [FFmpeg-devel,1/2] MAINTAINERS: Add ED25519 key for tag/commit signing experiment | expand |
| Context | Check | Description |
|---|---|---|
| yinshiyou/make_loongarch64 | success | Make finished |
| yinshiyou/make_fate_loongarch64 | success | Make fate finished |
| andriy/make_x86 | success | Make finished |
| andriy/make_fate_x86 | success | Make fate finished |
On 8/8/2022 11:50 AM, Michael Niedermayer wrote: > From: Michael Niedermayer <michael-git@niedermayer.cc> > > Signed-off-by: Michael Niedermayer <michael-git@niedermayer.cc> > --- > MAINTAINERS | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/MAINTAINERS b/MAINTAINERS > index 7ed15f96f6..ed2ec0b90c 100644 > --- a/MAINTAINERS > +++ b/MAINTAINERS > @@ -626,6 +626,7 @@ Leo Izen (thebombzen) B6FD 3CFC 7ACF 83FC 9137 6945 5A71 C331 FD2F A19A > Loren Merritt ABD9 08F4 C920 3F65 D8BE 35D7 1540 DAA7 060F 56DE > Lynne FE50 139C 6805 72CA FD52 1F8D A2FE A5F0 3F03 4464 > Michael Niedermayer 9FF2 128B 147E F673 0BAD F133 611E C787 040B 0FAB > + DD1E C9E8 DE08 5C62 9B3E 1846 B18E 8928 B394 8D64 There is a "FFmpeg release signing key" key already, used for the tarballs, and which you obviously have access to. Can we not use it for the release tags too, instead of a new key to your name? It would probably require creating the git tags using the ffmpeg-devel@ffmpeg.org email. This new key of yours could be used for your commits, but for the release tags, if possible better use the same key the relevant tarball will also use, IMO. It will simplify package managers that already fetch tarballs to also fetch git tags as fallback and not require the use of a different key for verification. > Nicolas George 24CE 01CE 9ACC 5CEB 74D8 8D9D B063 D997 36E5 4C93 > Niklas Haas (haasn) 1DDB 8076 B14D 5B48 32FC 99D9 EB52 DA9C 02BA 6FB4 > Nikolay Aleksandrov 8978 1D8C FB71 588E 4B27 EAA8 C4F0 B5FC E011 13B1
On Mon, Aug 08, 2022 at 12:16:36PM -0300, James Almer wrote: > On 8/8/2022 11:50 AM, Michael Niedermayer wrote: > > From: Michael Niedermayer <michael-git@niedermayer.cc> > > > > Signed-off-by: Michael Niedermayer <michael-git@niedermayer.cc> > > --- > > MAINTAINERS | 1 + > > 1 file changed, 1 insertion(+) > > > > diff --git a/MAINTAINERS b/MAINTAINERS > > index 7ed15f96f6..ed2ec0b90c 100644 > > --- a/MAINTAINERS > > +++ b/MAINTAINERS > > @@ -626,6 +626,7 @@ Leo Izen (thebombzen) B6FD 3CFC 7ACF 83FC 9137 6945 5A71 C331 FD2F A19A > > Loren Merritt ABD9 08F4 C920 3F65 D8BE 35D7 1540 DAA7 060F 56DE > > Lynne FE50 139C 6805 72CA FD52 1F8D A2FE A5F0 3F03 4464 > > Michael Niedermayer 9FF2 128B 147E F673 0BAD F133 611E C787 040B 0FAB > > + DD1E C9E8 DE08 5C62 9B3E 1846 B18E 8928 B394 8D64 > > There is a "FFmpeg release signing key" key already, used for the tarballs, > and which you obviously have access to. Can we not use it for the release > tags too, instead of a new key to your name? possible > It would probably require > creating the git tags using the ffmpeg-devel@ffmpeg.org email. If the goal is to get a "verified" sticker on github i think that would require an account on github too that has a gpg key and email of ffmpeg-devel@ffmpeg.org iam not sure about the security implications if a github account uses a public mailing list on a secondary email address > > This new key of yours could be used for your commits, but for the release > tags, if possible better use the same key the relevant tarball will also > use, IMO. It will simplify package managers that already fetch tarballs to > also fetch git tags as fallback and not require the use of a different key > for verification. > > > Nicolas George 24CE 01CE 9ACC 5CEB 74D8 8D9D B063 D997 36E5 4C93 > > Niklas Haas (haasn) 1DDB 8076 B14D 5B48 32FC 99D9 EB52 DA9C 02BA 6FB4 > > Nikolay Aleksandrov 8978 1D8C FB71 588E 4B27 EAA8 C4F0 B5FC E011 13B1 > _______________________________________________ > ffmpeg-devel mailing list > ffmpeg-devel@ffmpeg.org > https://ffmpeg.org/mailman/listinfo/ffmpeg-devel > > To unsubscribe, visit link above, or email > ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe". >
On Mon, Aug 08, 2022 at 04:50:07PM +0200, Michael Niedermayer wrote: > From: Michael Niedermayer <michael-git@niedermayer.cc> > > Signed-off-by: Michael Niedermayer <michael-git@niedermayer.cc> > --- > MAINTAINERS | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/MAINTAINERS b/MAINTAINERS > index 7ed15f96f6..ed2ec0b90c 100644 > --- a/MAINTAINERS > +++ b/MAINTAINERS > @@ -626,6 +626,7 @@ Leo Izen (thebombzen) B6FD 3CFC 7ACF 83FC 9137 6945 5A71 C331 FD2F A19A > Loren Merritt ABD9 08F4 C920 3F65 D8BE 35D7 1540 DAA7 060F 56DE > Lynne FE50 139C 6805 72CA FD52 1F8D A2FE A5F0 3F03 4464 > Michael Niedermayer 9FF2 128B 147E F673 0BAD F133 611E C787 040B 0FAB > + DD1E C9E8 DE08 5C62 9B3E 1846 B18E 8928 B394 8D64 > Nicolas George 24CE 01CE 9ACC 5CEB 74D8 8D9D B063 D997 36E5 4C93 > Niklas Haas (haasn) 1DDB 8076 B14D 5B48 32FC 99D9 EB52 DA9C 02BA 6FB4 > Nikolay Aleksandrov 8978 1D8C FB71 588E 4B27 EAA8 C4F0 B5FC E011 13B1 will apply this one and attempt to start using it for commits [...]
On Mon, Aug 08, 2022 at 05:43:15PM +0200, Michael Niedermayer wrote: > On Mon, Aug 08, 2022 at 12:16:36PM -0300, James Almer wrote: > > On 8/8/2022 11:50 AM, Michael Niedermayer wrote: > > > From: Michael Niedermayer <michael-git@niedermayer.cc> > > > > > > Signed-off-by: Michael Niedermayer <michael-git@niedermayer.cc> > > > --- > > > MAINTAINERS | 1 + > > > 1 file changed, 1 insertion(+) > > > > > > diff --git a/MAINTAINERS b/MAINTAINERS > > > index 7ed15f96f6..ed2ec0b90c 100644 > > > --- a/MAINTAINERS > > > +++ b/MAINTAINERS > > > @@ -626,6 +626,7 @@ Leo Izen (thebombzen) B6FD 3CFC 7ACF 83FC 9137 6945 5A71 C331 FD2F A19A > > > Loren Merritt ABD9 08F4 C920 3F65 D8BE 35D7 1540 DAA7 060F 56DE > > > Lynne FE50 139C 6805 72CA FD52 1F8D A2FE A5F0 3F03 4464 > > > Michael Niedermayer 9FF2 128B 147E F673 0BAD F133 611E C787 040B 0FAB > > > + DD1E C9E8 DE08 5C62 9B3E 1846 B18E 8928 B394 8D64 > > > > There is a "FFmpeg release signing key" key already, used for the tarballs, > > and which you obviously have access to. Can we not use it for the release > > tags too, instead of a new key to your name? > > possible > > > > It would probably require > > creating the git tags using the ffmpeg-devel@ffmpeg.org email. > > If the goal is to get a "verified" sticker on github i think that would require > an account on github too that has a gpg key and email of ffmpeg-devel@ffmpeg.org > iam not sure about the security implications if a github account uses a > public mailing list on a secondary email address also i just noticed that "git tag" seems not to have any option to set the tagger. I would have to hack the git config to set it to ffmpeg-devel@ffmpeg.org, that feels really like iam doing something thats not supposed to be done. So for 5.1.1 ill stay with the natural thing and just create the tag, but iam happy to set the tagger and key to anything people want. Please start a RFC or something if you want so people can discuss this, i wonder what other projects do ... thx [...]
diff --git a/MAINTAINERS b/MAINTAINERS index 7ed15f96f6..ed2ec0b90c 100644 --- a/MAINTAINERS +++ b/MAINTAINERS @@ -626,6 +626,7 @@ Leo Izen (thebombzen) B6FD 3CFC 7ACF 83FC 9137 6945 5A71 C331 FD2F A19A Loren Merritt ABD9 08F4 C920 3F65 D8BE 35D7 1540 DAA7 060F 56DE Lynne FE50 139C 6805 72CA FD52 1F8D A2FE A5F0 3F03 4464 Michael Niedermayer 9FF2 128B 147E F673 0BAD F133 611E C787 040B 0FAB + DD1E C9E8 DE08 5C62 9B3E 1846 B18E 8928 B394 8D64 Nicolas George 24CE 01CE 9ACC 5CEB 74D8 8D9D B063 D997 36E5 4C93 Niklas Haas (haasn) 1DDB 8076 B14D 5B48 32FC 99D9 EB52 DA9C 02BA 6FB4 Nikolay Aleksandrov 8978 1D8C FB71 588E 4B27 EAA8 C4F0 B5FC E011 13B1