ryran
commented
11 years ago Hi there. I don't know what you're talking about. You're going to have to give more explanation than that.
Closed adrelanos closed 9 years ago
ryran
commented
11 years ago Hi there. I don't know what you're talking about. You're going to have to give more explanation than that.
adrelanos
commented
11 years ago Hi! Gpg signing your releases.
To tag it:
git tag -s 0.1It my be required to add your gpg fingerprint. (gpg --fingerprint)
git tag -s 0.1 -u fingerprintMy ~/.gitconfig contains:
[user]
name = adrelanos
email = adrelanos at riseup dot net
signingkey = 713AAEEFSo I can drop the -u option.
To verify it:
git tag -v 0.1Will show something like:
object d0acae5d035085f22ce891f459650913b8cc9183
type commit
tag 0.1
tagger adrelanos <adrelanos at riseup dot net> 1359221616 +0000
0.1
gpg: Signature made Sat Jan 26 17:40:00 2013 UTC using RSA key ID 713AAEEF
gpg: Good signature from "adrelanos <adrelanos at riseup do net>"Anyone who cloned the repository will be able to verify the code came from you and that no one in the middle tampered with. (happened to github)
This will also automatically result github into creating a tags web button on your github repository. Example from my project: https://github.com/adrelanos/Whonix/tags
ryran
commented
11 years ago Hmmm. I'll look into this.
ryran
commented
9 years ago Can't' believe it took so long.... https://github.com/ryran/pyrite/releases/tag/v1.0.2
I'll be using signed tags from now on, as well as signing all commits.
Please create a signed git tag.