Hey, On Fri, Aug 26, 2016 at 10:17:04AM -0500, Michael Catanzaro wrote:
No. I used to do this, but stopped a couple years ago because it was pointless. Nobody should trust my key, so why use it?
Why shouldn't anybody trust my key if it has been signed by other members of the community? By the way, I have always signed my tags (using git tag -s), and I don't think I am the only one. :) eg., gnome-keyring tags are often signed. The only exceptions have been when I had to urgently make a release from a machine that didn't have my GPG key, but those occasions have been exceedingly rare. Cheers, Rishi
Attachment:
pgpNfHvjNXKE0.pgp
Description: PGP signature