Uploaded image for project: 'MariaDB Foundation Development'
  1. MariaDB Foundation Development
  2. MDBF-260

git release tags are not signed

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Minor
    • Resolution: Unresolved
    • None
    • None
    • None

    Description

      It seems that the git tags used to tag MariaDB Server releases are not signed.

      For example the recent mariadb-10.6.3 tag by serg and mariadb-10.4.20 by marko don't seem to be signed.

      Compare:

      noformat
      $ git tag -v mariadb-10.5.11
      error: mariadb-10.5.11: cannot verify a non-tag object of type commit.
      noformat
      (from: https://github.com/MariaDB/server/releases/tag/mariadb-10.5.11)

      noformat
      $ git tag -v debian/1%10.5.11-1
      object 916d02055c70372621c463043387e1367e20cb12
      type commit
      tag debian/1%10.5.11-1
      tagger Otto Kekäläinen <otto@debian.org>
      noformat
      (from: https://salsa.debian.org/mariadb-team/mariadb-10.5/-/tags/debian%2F1%2510.5.11-1)

      Signing can be done by adding `-s` to `git tag -s mariadb-10.5.12` when tagging. You could use the same GPG key to sign the tags as is used to sign the tar.gz source releases.

      For details see:

      Attachments

        Activity

          People

            dbart Daniel Bartholomew
            otto Otto Kekäläinen
            Votes:
            0 Vote for this issue
            Watchers:
            6 Start watching this issue

            Dates

              Created:
              Updated:

              Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0d
                0d
                Logged:
                Time Spent - 0.25d
                0.25d