Re: gnupload and gpg2

bug-gnulib

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: gnupload and gpg2

From:	Jim Meyering
Subject:	Re: gnupload and gpg2
Date:	Sat, 19 May 2018 16:44:50 -0700

On Sat, May 19, 2018 at 4:14 PM, Bruno Haible <address@hidden> wrote:
> Hi Jim,
>
>> The only thing I would have done differently would be to add
>> "FIXME-2020" or similar to your comment
>
> Why 2020? I wrote:
>
>   Ubuntu 2016.04 (which is supported until April 2021,
>   that is, 3 years from now), has `gpg --version` = 1.x.
>
> So, if it's supported until April 2021, you can assume some users will use
> it until 2025. In order to not gratuitously hurt these users, I would suggest
> keep this code until at least 2025.

Hi Bruno,

This is a tool by which one uploads signed tarballs to (usually) GNU
servers, presumably for mass distribution. As such, I think we are
justified in holding packagers/uploaders to a higher standard. At the
very least, we should feel justified in expecting that an uploader run
on a reasonably secure system: i.e., one that is still being
maintained.

That said, you're welcome to change the comment however you'd like.

Thanks for all your help,
Jim

[Prev in Thread]

Current Thread

[Next in Thread]

gnupload and gpg2, Bruno Haible, 2018/05/17
- Re: gnupload and gpg2, Paul Eggert, 2018/05/17
  - Re: gnupload and gpg2, Bruno Haible, 2018/05/17
- Re: gnupload and gpg2, Bruno Haible, 2018/05/19
  - Re: gnupload and gpg2, Jim Meyering, 2018/05/19
    - Re: gnupload and gpg2, Bruno Haible, 2018/05/19
    - Re: gnupload and gpg2, Jim Meyering <=
    - Re: uploader security, Bruno Haible, 2018/05/20

Prev by Date: Re: gnupload and gpg2
Next by Date: Re: uploader security
Previous by thread: Re: gnupload and gpg2
Next by thread: Re: uploader security
Index(es):
- Date
- Thread