View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0014376 | mantisbt | security | public | 2012-06-09 08:25 | 2012-09-16 17:21 |
Reporter | nextgens | Assigned To | dregad | ||
Priority | normal | Severity | feature | Reproducibility | always |
Status | closed | Resolution | no change required | ||
Summary | 0014376: Releases should be signed | ||||
Description | Please sign your released code to enable users to check both authentication, integrity and non-repudiation. If possible, use an OpenPGP Compatible ASCII Armored Detached Signature. | ||||
Additional Information | Some reference material from the ASF: | ||||
Tags | No tags attached. | ||||
Agreed. We also need to ensure that developers are signing tags (the last release where this was the case was release-1.2.8). |
|
With the exception of some old 1.2 alpha and 1.2.9, all Release tags are signed $ git show release-1.2.11 Stable release 1.2.11 iQIcBAABAgAGBQJP0CTHAAoJEHH8+ibEXZYObi0P/0GaDdrPT9RZUh/PKF9PG26D commit 7b8dad73775088f5ba3cd084e933a7247df9df82 |
|