MohGovIL / hamagen-react-native

Israel's Ministry of Health's COVID-19 Exposure Prevention App
https://health.gov.il/
MIT License

Sign git tags on new releases #238

Open emanuelb opened 4 years ago

emanuelb commented 4 years ago

Currently all tags in the repo are not signed: https://github.com/MohGovIL/hamagen-react-native/tags

(The "Verified" badge is misleading: it's commit signing, "This commit was created on GitHub.com and signed with a verified signature using GitHub’s key.", not tag signing, which should show "This tag was signed with a verified signature.")

Verify by running `git verify-tag -v TAGNAME` after a full git clone.

For signed tags instead, see for example (click the green 'verified' button), or better, run the above command on this repo for any tag: https://github.com/bitcoin-wallet/bitcoin-wallet/tags

For more info on how to sign, see: https://help.github.com/en/github/authenticating-to-github/signing-tags

Better still, read all the documentation about git signing on GitHub (commit signing as well, issue #237): https://help.github.com/en/github/authenticating-to-github/managing-commit-signature-verification

After signing is in use, upload the key to GitHub (it will be shown as verified instead of unverified): https://help.github.com/en/github/authenticating-to-github/adding-a-new-gpg-key-to-your-github-account

Why it's important: https://www.qubes-os.org/security/verifying-signatures/#how-to-verify-qubes-repos
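
The check described in this issue, extended to every tag in a clone, as an added example that is not part of the original issue or the project's code. The function names `classify_tag` and `audit_tags` are hypothetical; the script separates lightweight tags (which have no tag object to sign), annotated but unsigned tags, and signed tags, and only calls a signature good when `git verify-tag` succeeds against the local keyring.

```shell
#!/bin/sh
# Added example: classify the tags of a local (full) clone.
# classify_tag REPO TAG prints one of:
#   lightweight         plain ref to a commit; no tag object exists to sign
#   annotated-unsigned  tag object exists but carries no signature block
#   signed-unverified   signature block present, git verify-tag failed
#                       (bad signature, or signer's key not in the keyring)
#   signed-verified     git verify-tag succeeded
#   missing             no such tag
classify_tag() {
    repo=$1
    tag=$2
    type=$(git -C "$repo" cat-file -t "refs/tags/$tag" 2>/dev/null) || {
        echo "missing"
        return 1
    }
    # A signed commit does not make the tag signed: only tag objects count.
    if [ "$type" != "tag" ]; then
        echo "lightweight"
        return 0
    fi
    # Signature armor headers git recognises for OpenPGP, SSH and X.509.
    if ! git -C "$repo" cat-file tag "refs/tags/$tag" |
        grep -Eq '^-----BEGIN (PGP SIGNATURE|SSH SIGNATURE|SIGNED MESSAGE)-----'; then
        echo "annotated-unsigned"
        return 0
    fi
    if git -C "$repo" verify-tag "$tag" >/dev/null 2>&1; then
        echo "signed-verified"
    else
        echo "signed-unverified"
    fi
}

# audit_tags REPO prints "TAG<TAB>STATUS" for every tag in the repository.
audit_tags() {
    repo=$1
    git -C "$repo" tag -l | while IFS= read -r tag; do
        printf '%s\t%s\n' "$tag" "$(classify_tag "$repo" "$tag")"
    done
}

# Usage: audit_tags /path/to/full/clone
```

A `signed-unverified` result needs a manual look with `git verify-tag -v TAGNAME` after importing the maintainer's public key from a trusted source.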