beetbox / mediafile

elegant audio file tagging
http://mediafile.readthedocs.io/
MIT License

Please sign new tags #41

Closed baldurmen closed 2 years ago

baldurmen commented 3 years ago

Hi!

I'm currently working on packaging this library in Debian, and it would be great if new tags could be signed with an OpenPGP key :)

It's not much more work and it provides a very clear trust chain.

https://git-scm.com/book/en/v2/Git-Tools-Signing-Your-Work

Thanks in advance,

sampsyo commented 3 years ago

Thanks for the heads up, and I'll do my best!

baldurmen commented 2 years ago

I don't think the latest tags have been signed... I know it's one more step, but I would really appreciate it :)

sampsyo commented 2 years ago

OK, I'm seriously going to try to remember this for v0.9.0. 😄 TBH I am a little mystified as to why git doesn't automatically sign tags the same way it automatically signs commits… it would be so much easier to remember to do!

sampsyo commented 2 years ago

Looks like it worked! 🎉

baldurmen commented 2 years ago

Indeed:

uscan info: Successfully downloaded upstream package: v0.9.0
gpgv: Signature made sam 27 nov 2021 11:47:45 EST
gpgv:                using RSA key B87FE8FE3C6C695E462D7946BDB93AB409CC8705
gpgv:                issuer "adrian@radbox.org"
gpgv: Good signature from "Adrian Sampson <adrian@radbox.org>"
gpgv:                 aka "Adrian Sampson <asampson@cs.cornell.edu>"

Thanks a lot :)
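
The check a downstream packager relies on in this thread can also be scripted with the key pinned by fingerprint, so a valid signature from any other key in the keyring is rejected. This is an added example, not part of the thread or of the mediafile project: it reads GnuPG status lines, which `git verify-tag --raw` prints on stderr, and compares them with the fingerprint from the gpgv output above. The function name `sig_matches_pin` and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Maintainer side: `git tag -s v0.9.0`
# signs one tag; `git config tag.gpgSign true` makes git sign every new tag.

# Fingerprint taken from the gpgv output quoted in the thread.
PINNED_FPR="B87FE8FE3C6C695E462D7946BDB93AB409CC8705"

# sig_matches_pin FPR (hypothetical helper): reads GnuPG status lines on stdin.
# Succeeds only if a VALIDSIG line names FPR as signing key or primary key
# and no line reports a bad, unverifiable, expired or revoked signature.
sig_matches_pin() {
    awk -v want="$1" '
        $1 != "[GNUPG:]" { next }
        $2 ~ /^(BADSIG|ERRSIG|EXPSIG|EXPKEYSIG|REVKEYSIG)$/ { bad = 1 }
        $2 == "VALIDSIG" &&
            (toupper($3) == toupper(want) || toupper($NF) == toupper(want)) { ok = 1 }
        END { exit (ok && !bad) ? 0 : 1 }
    '
}

# Constructed sample status output (not captured from a real run).
# 1. Valid signature made by the pinned key.
GOOD_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG BDB93AB409CC8705 Adrian Sampson
[GNUPG:] VALIDSIG B87FE8FE3C6C695E462D7946BDB93AB409CC8705 2021-11-27 1638031665 0 4 0 1 8 00 B87FE8FE3C6C695E462D7946BDB93AB409CC8705'

# 2. Cryptographically valid, but made by a different (made-up) key.
OTHER_KEY_STATUS='[GNUPG:] NEWSIG
[GNUPG:] GOODSIG 0000000000000001 Someone Else
[GNUPG:] VALIDSIG 0000000000000000000000000000000000000001 2021-11-27 1638031665 0 4 0 1 8 00 0000000000000000000000000000000000000001'

# 3. Tag contents do not match the signature.
BAD_STATUS='[GNUPG:] NEWSIG
[GNUPG:] BADSIG BDB93AB409CC8705 Adrian Sampson'

# Show the verdict for each sample.
for sample in "$GOOD_STATUS" "$OTHER_KEY_STATUS" "$BAD_STATUS"; do
    if printf '%s\n' "$sample" | sig_matches_pin "$PINNED_FPR"; then
        echo "accept"
    else
        echo "reject"
    fi
done

# Against a real checkout the status lines come from git itself:
#   git verify-tag --raw v0.9.0 2>&1 | sig_matches_pin "$PINNED_FPR"
```
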