On Sun, Jul 16, 2023 at 07:19:56PM +0200, Alexander Kanavin wrote: > On Sun, 16 Jul 2023 at 17:03, Tom Rini <tr...@konsulko.com> wrote: > > Does bitbake have any infrastructure atm for dealing with signed tags? > > I'm fine with (for now, as LTS is a hope not a feature) keeping the > > branch portion. But if it was possible to say it must be a tag signed > > by X key, that would help a little with the concern about moving to some > > more arbitrary commit. > > As far as I know, git fetcher doesn't verify tags. They don't even > have to be signed, checking that a tag specified in a recipe matches a > commit id specified in a recipe would also guard against unwanted > commits, but the fetcher doesn't do that check either.
That's what I figured, thanks. -- Tom
signature.asc
Description: PGP signature
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#184419): https://lists.openembedded.org/g/openembedded-core/message/184419 Mute This Topic: https://lists.openembedded.org/mt/100144566/21656 Group Owner: openembedded-core+ow...@lists.openembedded.org Unsubscribe: https://lists.openembedded.org/g/openembedded-core/unsub [arch...@mail-archive.com] -=-=-=-=-=-=-=-=-=-=-=-
