Git based releases

Derek Atkins warlord at MIT.EDU
Mon May 20 11:37:22 EDT 2013


Yawar Amin <yawar.amin at gmail.com> writes:

> On 2013-05-19, at 11:54, Geert Janssens <janssens-geert at telenet.be> wrote:
>
>> [...]
>> 
>> Yours would generate an unsigned annotated tag. In the git-tag man page I found we could 
>> also generate signed tags using -s or -u.
>> 
>> I don't know the (dis)advantages of both methods and which one we should use then.
>
> Signed is better for a release. Unsigned can be removed any time by
> anyone, without a trace. Signed gives us an audit trail.
>
> Not to mention the benefit of a tag with a trusted OpenPGP signature.

This presumes we have a "trusted PGP Key" that we can use...  Currently
we do not.

> ZZ

-derek
-- 
       Derek Atkins, SB '93 MIT EE, SM '95 MIT Media Laboratory
       Member, MIT Student Information Processing Board  (SIPB)
       URL: http://web.mit.edu/warlord/    PP-ASEL-IA     N1NWH
       warlord at MIT.EDU                        PGP key available


More information about the gnucash-devel mailing list