GNU bug report logs - #24461
Signing Emacs git release tags

Package: emacs;

Reported by: Rob Browning <rlb <at> defaultvalue.org>

Date: Sun, 18 Sep 2016 18:13:02 UTC

Severity: wishlist

Message #23 received at 24461 <at> debbugs.gnu.org (full text, mbox):

From: Rob Browning <rlb <at> defaultvalue.org>
To: Stefan Kangas <stefan <at> marxist.se>
Cc: John Wiegley <jwiegley <at> gmail.com>, Nicolas Petton <nicolas <at> petton.fr>,
 24461 <at> debbugs.gnu.org
Subject: Re: bug#24461: Signing Emacs git release tags
Date: Sun, 29 Sep 2019 12:24:16 -0500

Stefan Kangas <stefan <at> marxist.se> writes:

> I think signing tags is different than signing commits.  A signed tag
> means you can have more trust that you are using the code with the
> latest fix to security problem X, announced to have been released in
> tagged Emacs version Y, and not code missing that fix.

Fair enough -- I suppose without the signed tag, there's no way to be
completely sure that you have the right signed commit.

-- 
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4

This bug report was last modified 3 years and 85 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #24461 Signing Emacs git release tags

GNU bug report logs - #24461
Signing Emacs git release tags