[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
bug#24461: Signing Emacs git release tags
From: |
Rob Browning |
Subject: |
bug#24461: Signing Emacs git release tags |
Date: |
Sun, 29 Sep 2019 12:24:16 -0500 |
Stefan Kangas <stefan@marxist.se> writes:
> I think signing tags is different than signing commits. A signed tag
> means you can have more trust that you are using the code with the
> latest fix to security problem X, announced to have been released in
> tagged Emacs version Y, and not code missing that fix.
Fair enough -- I suppose without the signed tag, there's no way to be
completely sure that you have the right signed commit.
--
Rob Browning
rlb @defaultvalue.org and @debian.org
GPG as of 2011-07-10 E6A9 DA3C C9FD 1FF8 C676 D2C4 C0F0 39E9 ED1B 597A
GPG as of 2002-11-03 14DD 432F AE39 534D B592 F9A0 25C8 D377 8C7E 73A4