[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#66414: GNU ELPA: Require signed tags to release new package versions
|
From: |
Stefan Kangas |
|
Subject: |
bug#66414: GNU ELPA: Require signed tags to release new package versions |
|
Date: |
Mon, 9 Oct 2023 09:44:25 +0000 |
Philip Kaludercic <philipk@posteo.net> writes:
> No, my bad. I didn't know that git tags could be signed, so I misread
> the sentence.
>
> One issue might be that elpa-admin.el doesn't really do anything with
> git tags, though I guess it should be possible to verify a remote git
> tag? An alternative might be to check for signed git commits, at the
> very least for the commits that bump the version tag. That way all the
> could be kept in elpa.git.
Yes, I think a signed commit might work fine for this purpose too. It
would be a more minimal change, if nothing else.