Git release tagging best practices
Bernhard Reiter
bernhard at intevation.de
Thu Mar 21 10:07:23 CET 2019
Am Mittwoch 20 März 2019 13:28:33 schrieb Daniel Kahn Gillmor:
> I wonder whether we "git tag -v" should raise an error if the tag name
> within the signature doesn't match the tag name being verified.
Here is an interesting writeup, which also compared git and Monotone SCM
signing features:
https://www.mercurial-scm.org/wiki/CommitSigningPlan
As I understand it: hg can sign a specific state of the repository, but
this has other drawbacks. It is good to have some competition on distributed
SCMs. >:)
Regards,
Bernhard
--
www.intevation.de/~bernhard +49 541 33 508 3-3
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: This is a digitally signed message part.
URL: <https://lists.gnupg.org/pipermail/gnupg-devel/attachments/20190321/a9bb42c8/attachment.sig>
More information about the Gnupg-devel
mailing list