GNU bug report logs - #66414
GNU ELPA: Require signed tags to release new package versions


Package: emacs

Reported by: Stefan Kangas <stefankangas <at> gmail.com>

Date: Mon, 9 Oct 2023 07:17:02 UTC

Severity: wishlist



Message #17 received at 66414 <at> debbugs.gnu.org (full text, mbox):

From: Stefan Kangas <stefankangas <at> gmail.com>
To: Philip Kaludercic <philipk <at> posteo.net>
Cc: 66414 <at> debbugs.gnu.org, yantar92 <at> posteo.net, monnier <at> iro.umontreal.ca
Subject: Re: bug#66414: GNU ELPA: Require signed tags to release new package
 versions
Date: Mon, 9 Oct 2023 09:30:20 +0000

Philip Kaludercic <philipk <at> posteo.net> writes:

> Stefan Kangas <stefankangas <at> gmail.com> writes:
>
>> Severity: wishlist
>>
>> I propose optionally releasing a new version of packages on
>> NonGNU/GNU ELPA only if there is a valid PGP signature.  We can't make
>> it mandatory, at the very least not initially, because it would break
>> too many existing workflows.
>
> I am not sure what the context here is, so sorry for the potentially
> stupid question, but what PGP signatures are we talking about?  Are you
> suggesting that the commit should be signed?

Yes, see the very next sentence:

>> The standard feature to do that in git would be a signed git tag.

Sorry for not being more clear.




This bug report was last modified 1 year and 249 days ago.
