GNU bug report logs - #66414
GNU ELPA: Require signed tags to release new package versions

Package: emacs

Reported by: Stefan Kangas <stefankangas <at> gmail.com>

Date: Mon, 9 Oct 2023 07:17:02 UTC

Severity: wishlist


Message #5 received at submit <at> debbugs.gnu.org:

From: Stefan Kangas <stefankangas <at> gmail.com>
To: bug-gnu-emacs <at> gnu.org
Subject: GNU ELPA: Require signed tags to release new package versions
Date: Mon, 9 Oct 2023 07:15:47 +0000
Severity: wishlist

I propose optionally releasing a new version of packages on
NonGNU/GNU ELPA only if there is a valid PGP signature.  We can't make
it mandatory, at the very least not initially, because it would break
too many existing workflows.

The standard feature to do that in git would be a signed git tag.
However, (Non-)GNU ELPA currently rebuilds package tarballs every time
the "Version" comment header is updated, while git tags are ignored.

Forwarded from

    https://lists.gnu.org/r/emacs-devel/2023-02/msg00120.html
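
The gate proposed in this report could look like the sketch below. It is an added example, not part of the report and not GNU ELPA's build code. It assumes the tag is named after the version, that the builder knows the full hash of the commit it is building, and uses hypothetical names (`release_decision`, `run_git`, the sample package `foo.el`).

```python
import re
import subprocess

# Constructed sample: a package file before and after a "Version" header bump.
SAMPLE_OLD = ";;; foo.el --- demo  -*- lexical-binding: t -*-\n;; Version: 1.0\n"
SAMPLE_NEW = SAMPLE_OLD.replace("Version: 1.0", "Version: 1.1")

VERSION_RE = re.compile(r"^;+[ \t]*Version:[ \t]*(\S+)[ \t]*$", re.I | re.M)


def header_version(elisp_source):
    """Return the value of the "Version" comment header, or None."""
    m = VERSION_RE.search(elisp_source)
    return m.group(1) if m else None


def run_git(repo, *args):
    """Run git inside repo and return (exit_code, stripped stdout)."""
    p = subprocess.run(["git", "-C", repo, *args], capture_output=True, text=True)
    return p.returncode, p.stdout.strip()


def release_decision(old_src, new_src, commit, repo=".", require_signed=True,
                     git=run_git):
    """Return "skip", "release" or "hold" for the commit being built.

    commit is the full hash of the commit whose file content is new_src.
    """
    old, new = header_version(old_src), header_version(new_src)
    if new is None or new == old:
        return "skip"          # no header bump: nothing to release
    if not require_signed:
        return "release"       # package has not opted in: header bump suffices
    tag = new                  # assumption: the tag is named after the version
    # The tag must resolve to exactly the commit that carries the new header,
    # otherwise a valid signature would vouch for different content.
    code, target = git(repo, "rev-parse", "--verify", "--quiet",
                       f"refs/tags/{tag}^{{commit}}")
    if code != 0 or target != commit:
        return "hold"
    # git verify-tag exits non-zero for unsigned tags and bad signatures.
    code, _ = git(repo, "verify-tag", tag)
    return "release" if code == 0 else "hold"
```

`git verify-tag` accepts a good signature from any key in the keyring it runs with, so the builder's keyring has to hold only the keys allowed to release that package.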




This bug report was last modified 1 year and 249 days ago.
