From mboxrd@z Thu Jan 1 00:00:00 1970 From: Nicolas Goaziou Subject: Re: Why no secure code retrieval Date: Thu, 30 Jun 2016 13:50:34 +0200 Message-ID: <87y45m28vp.fsf@saiph.selenimh> References: <87mvm4sewl.fsf@systemreboot.net> Mime-Version: 1.0 Content-Type: text/plain Return-path: Received: from eggs.gnu.org ([2001:4830:134:3::10]:52529) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1bIaUc-0000j7-Rm for emacs-orgmode@gnu.org; Thu, 30 Jun 2016 07:50:51 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1bIaUb-00065g-28 for emacs-orgmode@gnu.org; Thu, 30 Jun 2016 07:50:50 -0400 In-Reply-To: <87mvm4sewl.fsf@systemreboot.net> (Arun Isaac's message of "Wed, 29 Jun 2016 11:41:22 +0530") List-Id: "General discussions about Org-mode." List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: emacs-orgmode-bounces+geo-emacs-orgmode=m.gmane.org@gnu.org Sender: "Emacs-orgmode" To: Arun Isaac Cc: Bastien Guerry , emacs-orgmode@gnu.org, Konstantin Kliakhandler Hello, Arun Isaac writes: >> However, gpg signing release tag commits is dead simple and would >> take a total of maybe 10 minutes of work over the lifetime of the project >> (please correct me if I'm wrong). > > I second this statement. GPG signing sounds good to me. We should do > this. GPG signing tags is OK, but I wouldn't like to request every commit to be signed. >> I know that https can be a bit tedious to setup so I am not asking for it >> (though I do think it would be great if it was enabled on the site in some >> fashion). > > HTTPS is not so tedious these days with Let's Encrypt. > > https://letsencrypt.org/ > > We should set up HTTPS as well. It would be nice, indeed. I'm Cc'ing Bastien for his opinion on the matter, and a possible step forward. Regards, -- Nicolas Goaziou