nan icon indicating copy to clipboard operation
nan copied to clipboard
verified publisher icon nodejs

Tagged releases and commits are not signed

Open braydonf opened this issue 6 years ago • 2 comments

The last signed version I was able to find was https://github.com/nodejs/nan/releases/tag/v1.5.1 the latest tag is not signed https://github.com/nodejs/nan/releases/tag/v2.14.0.

braydonf avatar Dec 26 '19 19:12 braydonf

@kkoopa I believe this can be fixed in future releases by handling the version bump in a separate branch and merging that branch into master before release, triggering github to mark both the merge commit and release as "verified"

mkrufky avatar Apr 22 '20 15:04 mkrufky

The tag can be signed using:

git tag -s v2.14.1 -m v2.14.1

And git can be configured to sign each commit with a ~/.gitconfig including:

[user]
  email = <email>
  name = <name>
  signingKey = <fingerprint>
[commit]
  gpgSign = true
[gpg]
  program = gpg

braydonf avatar Apr 22 '20 16:04 braydonf