cog icon indicating copy to clipboard operation
cog copied to clipboard
verified publisher icon nedbat

Sign the release tag with github GPG key

Open charanjith-anet opened this issue 4 years ago • 4 comments

Please add a signature to the source code bundle or sign the release tag with github GPG key

charanjith-anet avatar Feb 26 '21 22:02 charanjith-anet

There aren't many releases these days, and TBH, I don't know how to sign tags.

nedbat avatar Feb 27 '21 00:02 nedbat

Thanks for your reply. Here's a resource a found on how to do it - https://wiki.debian.org/Creating%20signed%20GitHub%20releases

On Fri, Feb 26, 2021 at 4:10 PM Ned Batchelder [email protected] wrote:

There aren't many releases these days, and TBH, I don't know how to sign tags.

— You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub https://github.com/nedbat/cog/issues/15#issuecomment-786960093, or unsubscribe https://github.com/notifications/unsubscribe-auth/AQGFPCY2MYKRCXQZKFMUL2LTBAZ7VANCNFSM4YJG3LWQ .

charanjith-anet avatar Feb 27 '21 00:02 charanjith-anet

How are you using the tags in this repo? Aren't you installing from PyPI?

nedbat avatar Feb 27 '21 13:02 nedbat

I'm actually looking for a signed RPM for cog. Having a tag will help in download and verify the source before building an RPM myself. If there's a signed RPM available for download on PyPi, I'd neither need a tag for the source nor build the RPM.

charanjith-anet avatar Feb 27 '21 22:02 charanjith-anet