On May 24, Thomas Koch <thomas@koch.ro> wrote:

> Git supports signing of commits since version 1.7.9. Everybody should sign git 
> commits always.
I do not see a significant benefit in signing all commits as long as 
release tags are signed.

I use the attached script to easily create and sign my tags.

-- 
ciao,
Marco

#!/bin/sh -e

VER="$(dpkg-parsechangelog --show-field Version)"

if [ -z "$VER" ]; then
  echo "Could not parse the changelog!" >&2
  exit 1
fi

VER="$(echo "$VER" | sed -e 's/~/_/g' -e 's/:/%/g')"

# is there a simple and reliable way to determine if a package is native?
if git tag | grep -q '^debian/'; then
  TAG="debian/$VER"
else
  TAG="v$VER"
fi

exec git tag -s -m "version $VER" $TAG

Attachment: pgpRHAv0ZJtPN.pgp
Description: PGP signature

Reply to:

Follow-Ups:
- Re: please use signed git commits (and tags)
  - From: Samuel Thibault <sthibault@debian.org>

References:
- please use signed git commits (and tags)
  - From: Thomas Koch <thomas@koch.ro>

Prev by Date: Re: scripts for merging local changes
Next by Date: Re: please use signed git commits (and tags)
Previous by thread: Re: please use signed git commits (and tags)
Next by thread: Re: please use signed git commits (and tags)
Index(es):
- Date
- Thread

Re: please use signed git commits (and tags)