Hi, On Fri, Aug 26, 2016, at 12:21 PM, Michael Catanzaro wrote: > On Fri, 2016-08-26 at 11:48 -0400, Shaun McCance wrote: > > IIRC, git.gnome.org won't let you push an unsigned tag. > > I've been doing it for a while, so it most certainly does! I don't see > value in signing our tags as (a) clearly nobody is checking the > signatures
I know you're a tarball person. That' s OK, it's a legacy model that's still very widespread. But why would you try to actively discourage people from using the signature infrastructure that's built into git? It doesn't make sense to me. FWIW, I do sign all my tags (using https://github.com/cgwalters/git-evtag even) and the node.js people for example are using it: https://github.com/nodejs/node/issues/7579 Github even displays signed tags more prominently now. So, yes, signed tags are used. Key management is hard, but that's not new. _______________________________________________ gnome-os-list mailing list [email protected] https://mail.gnome.org/mailman/listinfo/gnome-os-list
