GNU bug report logs - #66414
GNU ELPA: Require signed tags to release new package versions

Package: emacs;

Reported by: Stefan Kangas <stefankangas <at> gmail.com>

Date: Mon, 9 Oct 2023 07:17:02 UTC

Severity: wishlist

View this message in rfc822 format

From: Stefan Kangas <stefankangas <at> gmail.com>
To: Philip Kaludercic <philipk <at> posteo.net>
Cc: 66414 <at> debbugs.gnu.org, yantar92 <at> posteo.net, monnier <at> iro.umontreal.ca
Subject: bug#66414: GNU ELPA: Require signed tags to release new package versions
Date: Mon, 9 Oct 2023 09:44:25 +0000

Philip Kaludercic <philipk <at> posteo.net> writes:

> No, my bad.  I didn't know that git tags could be signed, so I misread
> the sentence.
>
> One issue might be that elpa-admin.el doesn't really do anything with
> git tags, though I guess it should be possible to verify a remote git
> tag?  An alternative might be to check for signed git commits, at the
> very least for the commits that bump the version tag.  That way all the
> could be kept in elpa.git.

Yes, I think a signed commit might work fine for this purpose too.  It
would be a more minimal change, if nothing else.

This bug report was last modified 1 year and 250 days ago.

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.

GNU bug report logs - #66414 GNU ELPA: Require signed tags to release new package versions

GNU bug report logs - #66414
GNU ELPA: Require signed tags to release new package versions