On May 24, Thomas Koch <thomas@koch.ro> wrote: > Git supports signing of commits since version 1.7.9. Everybody should sign git > commits always. I do not see a significant benefit in signing all commits as long as release tags are signed. I use the attached script to easily create and sign my tags. -- ciao, Marco
#!/bin/sh -e VER="$(dpkg-parsechangelog --show-field Version)" if [ -z "$VER" ]; then echo "Could not parse the changelog!" >&2 exit 1 fi VER="$(echo "$VER" | sed -e 's/~/_/g' -e 's/:/%/g')" # is there a simple and reliable way to determine if a package is native? if git tag | grep -q '^debian/'; then TAG="debian/$VER" else TAG="v$VER" fi exec git tag -s -m "version $VER" $TAG
Attachment:
pgpRHAv0ZJtPN.pgp
Description: PGP signature