[openstack-dev] [all] [stable] No longer doing stable point releases

Alan Pevec apevec at gmail.com
Sun Jun 7 22:25:47 UTC 2015

>> and *Plan D* would be to start doing automatic per-project
>> micro-versions on each commit: e.g. 2015.1.N where N is increased on
>> each commit.
> How do you gpg sign these tags? I hope the solution isn't to store a key
> in infra without a passphrase.

Plan D doesn't include git tags, 2015.1.N would be generated by PBR

> FYI, I don't use tarballs (just git), and generate my own orig.tar.xz
> out of a signed git tag, so I am not affected by this.

We could generate it too but upstream SourceURL is preferred[1] so it
can be easily verified.
BTW there's an issue re. verification that
https://tarballs.openstack.org/ is using cert for
security.openstack.org but should be easily fixed by infra.


[1] https://fedoraproject.org/wiki/Packaging:SourceURL

More information about the OpenStack-dev mailing list