[openstack-dev] Please do use PGP and PGP signed tags!
Thierry Carrez
thierry at openstack.org
Sun Feb 10 09:36:04 UTC 2013
Mark McLoughlin wrote:
>> Am I misunderstanding something?
>
> The question is about signing tags. As part of releasing modules, we do
> e.g.:
>
> $> git tag -s 2012.2.3
> $> git push gerrit tag 2012.2.3
>
> It sounds like we've failed to include '-s' when tagging some projects
> in the past.
Even if I religiously sign all my tags, I'll take my part of the blame,
since I failed to document the release process for PTLs to release
libraries using the tag-to-tarball-to-pypi mechanism.
Can't blame other people for not following my process when I didn't take
the time to write such process :)
--
Thierry Carrez (ttx)
Release Manager, OpenStack
More information about the OpenStack-dev
mailing list