On 11/29/2009 11:29 AM, Christopher Brown wrote:
2009/11/29 Kalev Lember kalev@smartlink.ee:
Hello,
<snip>
Comments?
I'm the maintainer for log4net but unfortunately not for nant. I've finally gotten around to looking at this.
Debian have a policy[1] of using a standard mono.snk which is provided by a package (I guess we just then BuildRequires this) and I think this seems like a good solution but have no experience of this.
We should definitely use Debian's key, right? Otherwise some Fedora CLI libraries would be unnecessarily incompatible with Debian, and whoever else uses Debian's key.
The whole business of not shipping code-signing keys is a little contrary to open source. I think this is something that GPLv3 would prohibit. We should use a single well-known signing key for any package that we don't have the keys for, I think.
Adam