GNU bug report logs - #66414
GNU ELPA: Require signed tags to release new package versions

Package: emacs;

Reported by: Stefan Kangas <stefankangas <at> gmail.com>

Date: Mon, 9 Oct 2023 07:17:02 UTC

Severity: wishlist

From: Philip Kaludercic <philipk <at> posteo.net>
To: Stefan Kangas <stefankangas <at> gmail.com>
Cc: 66414 <at> debbugs.gnu.org, yantar92 <at> posteo.net, monnier <at> iro.umontreal.ca
Subject: bug#66414: GNU ELPA: Require signed tags to release new package versions
Date: Mon, 09 Oct 2023 09:01:29 +0000

Stefan Kangas <stefankangas <at> gmail.com> writes:

> Severity: wishlist
>
> I propose optionally releasing a new version of packages on
> NonGNU/GNU ELPA only if there is a valid PGP signature.  We can't make
> it mandatory, at the very least not initially, because it would break
> too many existing workflows.

I am not sure what the context here is, so sorry for the potentially
stupid question, but what PGP signatures are we talking about?  Are you
suggesting that the commit should be signed?

> The standard feature to do that in git would be a signed git tag.
> However, (Non-)GNU ELPA currently rebuilds package tarballs every time
> the "Version" comment header is updated, while git tags are ignored.
>
> Forwarded from
>
>     https://lists.gnu.org/r/emacs-devel/2023-02/msg00120.html




This bug report was last modified 1 year and 249 days ago.