nedbat / cog

Small bits of Python computation for static files
MIT License

Sign the release tag with github GPG key #15

Open charanjith-anet opened 3 years ago

charanjith-anet commented 3 years ago

Please add a signature to the source code bundle or sign the release tag with GitHub GPG key.

nedbat commented 3 years ago

There aren't many releases these days, and TBH, I don't know how to sign tags.

charanjith-anet commented 3 years ago

Thanks for your reply. Here's a resource I found on how to do it - https://wiki.debian.org/Creating%20signed%20GitHub%20releases

On Fri, Feb 26, 2021 at 4:10 PM Ned Batchelder notifications@github.com wrote:

There aren't many releases these days, and TBH, I don't know how to sign tags.


nedbat commented 3 years ago

How are you using the tags in this repo? Aren't you installing from PyPI?

charanjith-anet commented 3 years ago

I'm actually looking for a signed RPM for cog. Having a tag will help in downloading and verifying the source before building an RPM myself. If there's a signed RPM available for download on PyPI, I'd neither need a tag for the source nor need to build the RPM.
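
The workflow discussed in this thread, as an added example that is not part of the original comments or the cog project: a maintainer signs a release tag with `git tag -s`, and a packager exports source only when `git verify-tag` reports a valid signature from a pinned key fingerprint. The key, repository, tag names and function names are constructed for the demo.

```shell
#!/bin/sh
# Constructed demo: throwaway key, scratch repo, made-up tag names.
set -eu

# Maintainer side: isolated keyring, one unsigned and one signed tag.
setup_demo() {
    work=$(mktemp -d)
    export GNUPGHOME="$work/gnupg"
    mkdir -m 700 "$GNUPGHOME"
    # Passphrase-less key for the demo only; protect a real release key.
    gpg --batch --quiet --passphrase '' --quick-generate-key \
        'Demo Maintainer <maintainer@example.invalid>' default default never
    git init --quiet "$work/repo"
    cd "$work/repo"
    git config user.name 'Demo Maintainer'
    git config user.email 'maintainer@example.invalid'
    echo 'print("hello")' > demo.py
    git add demo.py
    git commit --quiet --no-gpg-sign -m 'Initial commit'
    git tag -a v0.9-unsigned -m 'Annotated but not signed'
    git tag -s v1.0 -m 'Release 1.0'   # -s makes a GPG-signed tag
}

# Fingerprint of the demo primary key; in practice obtained out of band.
demo_fingerprint() {
    gpg --batch --with-colons --list-keys | awk -F: '$1 == "fpr" { print $10; exit }'
}

# Packager side: export a source tarball only if the tag carries a valid
# signature made by the pinned key.
verified_export() {
    tag=$1 want_fpr=$2 out=$3
    # --raw sends gpg status lines to stderr; capture them for parsing.
    status=$(git verify-tag --raw "$tag" 2>&1) || {
        echo "refusing $tag: no valid signature" >&2; return 1; }
    # The last field of VALIDSIG is the primary key fingerprint.
    got_fpr=$(printf '%s\n' "$status" | awk '$2 == "VALIDSIG" { print $NF }')
    [ "$got_fpr" = "$want_fpr" ] || {
        echo "refusing $tag: signed by unexpected key $got_fpr" >&2; return 1; }
    git archive --format=tar --prefix="src-$tag/" -o "$out" "$tag"
}

if [ "${1:-}" = demo ]; then
    setup_demo
    verified_export v1.0 "$(demo_fingerprint)" "$work/src-v1.0.tar"
    echo "exported $work/src-v1.0.tar"
fi
```

Pinning the fingerprint matters because `git verify-tag` alone accepts a good signature from any key present in the keyring.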