Fork me on GitHub
#clojars
<
2016-11-07
>
bbloom00:11:07

i’m not sure where now - maybe it was some old blog post?

bbloom00:11:22

if clojars doesn’t care about signing, can i shut it off in lein?

bbloom00:11:32

it may be lein’s docs that are old

tcrawley00:11:54

clojars still respects signatures, and lein check will tell you if you have unsigned deps, but signing releases is security theatre w/o better networks of trust

tcrawley00:11:03

and yes, you can disable it in lein, one sec

bbloom00:11:19

thank you for calling it theater - i agree 😛

tcrawley00:11:50

and I'm the one that wrote the gpg guide for lein :)

bbloom00:11:03

you can repent for your sins by helping me now 😉

bbloom00:11:53

holy crap i got it

bbloom00:11:01

wow - sheesh ok

bbloom00:11:00

i finally found the magic incantation

tcrawley00:11:54

yeah, that's it. Sorry, I got pulled away

bbloom00:11:18

no worries - i have been at this for an hour 😛

bbloom00:11:31

project.clj desperately needs a clojure.spec 😉

tcrawley00:11:31

and needs some figwheel-style feedback. Paging @bhauman

tcrawley00:11:56

I feel like a magician now

bhauman00:11:43

@bbloom I started working on that, I"m hoping to sit down with @hypirion at the Conj

bbloom00:11:30

@tcrawley thanks for the help!

tcrawley00:11:43

my pleasure

danielcompton03:11:51

@bbloom there is https://github.com/clojars/clojars-web/issues/562 which is tracking how we can add meaningful security to distributing JARs