Closed adrelanos closed 9 years ago
Hi there. I don't know what you're talking about. You're going to have to give more explanation than that.
Hi! Gpg signing your releases.
To tag it:
git tag -s 0.1
It my be required to add your gpg fingerprint. (gpg --fingerprint)
git tag -s 0.1 -u fingerprint
My ~/.gitconfig contains:
[user]
name = adrelanos
email = adrelanos at riseup dot net
signingkey = 713AAEEF
So I can drop the -u option.
To verify it:
git tag -v 0.1
Will show something like:
object d0acae5d035085f22ce891f459650913b8cc9183
type commit
tag 0.1
tagger adrelanos <adrelanos at riseup dot net> 1359221616 +0000
0.1
gpg: Signature made Sat Jan 26 17:40:00 2013 UTC using RSA key ID 713AAEEF
gpg: Good signature from "adrelanos <adrelanos at riseup do net>"
Anyone who cloned the repository will be able to verify the code came from you and that no one in the middle tampered with. (happened to github)
This will also automatically result github into creating a tags web button on your github repository. Example from my project: https://github.com/adrelanos/Whonix/tags
Hmmm. I'll look into this.
Can't' believe it took so long.... https://github.com/ryran/pyrite/releases/tag/v1.0.2
I'll be using signed tags from now on, as well as signing all commits.
Please create a signed git tag.