Congratulations! Missing 3.0.0 tag?
Steffen Nurpmeso
steffen at sdaoden.eu
Wed Sep 8 23:03:28 UTC 2021
Benjamin Kaduk wrote in
<20210908222248.GX19992 at akamai.com>:
|On Thu, Sep 09, 2021 at 12:15:44AM +0200, Steffen Nurpmeso wrote:
|>
|> P.S.: maybe at least release commits and tags could be signed?
|> And/or HTTPS access to the repository ... but then i get the gut
|> feeling that the answer to this will be "use github" or something.
|
|tag openssl-3.0.0
|Tagger: Richard Levitte <richard at levitte.org>
|Date: Tue Sep 7 13:46:40 2021 +0200
|
|OpenSSL 3.0.0 release tag
|-----BEGIN PGP SIGNATURE-----
|
|iFwEABECAB0WIQTEyrdJw09/TMBP2smnr5549wlFOwUCYTdRIAAKCRCnr5549wlF
|O7wEAJ90wRuQnQYdf7RrzD7p2tf2eZhP4QCXeXX3a1IgbIgfU7WuLZ44BbXF7w==
|=pGf9
|-----END PGP SIGNATURE-----
|
|looks signed to me.
That is really interesting now.
If i use "git show openssl-3.0.0" i see this myself.
tag openssl-3.0.0
Tagger: Richard Levitte <richard at levitte.org>
TaggerDate: 2021-09-07 13:46:40 +0200
OpenSSL 3.0.0 release tag
-----BEGIN PGP SIGNATURE-----
iFwEABECAB0WIQTEyrdJw09/TMBP2smnr5549wlFOwUCYTdRIAAKCRCnr5549wlF
O7wEAJ90wRuQnQYdf7RrzD7p2tf2eZhP4QCXeXX3a1IgbIgfU7WuLZ44BbXF7w==
=pGf9
-----END PGP SIGNATURE-----
commit 89cd17a031 (tag: refs/tags/openssl-3.0.0)
...
But if i use
#?0|kent:tls-openssl.git$ alias gl1
alias gl1='git slpn -1'
#?0|kent:tls-openssl.git$ git alias|grep slpn
alias.slpn log --show-signature --patch --find-renames --stat --no-abbrev-commit
#?0|kent:tls-openssl.git$ gl1 openssl-3.0.0
commit 89cd17a031e022211684eb7eb41190cf1910f9fa (tag: refs/tags/openssl-3.0.0)
...
i do not. Hm, maybe i need to relearn git again, looking around
i see a couple of projects for which this is true (Linux,
wireguard-tools), for others it is not (my own project, nghttp2).
Eg "alias.slo log --show-signature --oneline --graph":
#?141|kent:nail.git$ git slo -1 master
Reading passphrase from file descriptor 4
* 69be61071c (...) gpg: Signature made Wed 01 Sep 2021 01:19:46 PM CEST
| gpg: using RSA key DF082F6AEEC8C2FF
| gpg: Good signature from "Steffen Nurpmeso <steffen at sdaoden.eu>"
| gpg: WARNING: This key is not certified with a trusted signature!
| gpg: There is no indication that the signature belongs to the owner.
| Primary key fingerprint: EE19 E1C1 F2F7 054F 8D39 54D8 3089 64B5 1883 A0DD
| Subkey fingerprint: 8A2A 4D60 9FDC 539C 75F5 5B95 DF08 2F6A EEC8 C2FF
| Clear an installed alarm(2) in fork(2)ed childs (Stephen Isard)
#?0|kent:nghttp2.git$ git slo -1 fcc20334da
Reading passphrase from file descriptor 4
* fcc20334da gpg: Signature made Sat 04 Sep 2021 10:26:47 AM CEST
|\ gpg: using RSA key 4AEE18F83AFDEB23
| | gpg: Can't check signature: public key not found
| | Merge pull request #1613 from mkauf/check_pseudo_header_chars
#?0|kent:wireguard-tools.git$ git slo -1 v1.0.20210424
* ecb1ea29d7 (tag: refs/tags/v1.0.20210424) version: bump
#?128|kent:linux.git$ git slo -1 v5.10.62
* f6dd002450 (tag: refs/tags/v5.10.62, refs/remotes/origin/linux-5.10.y) Linux 5.10.62
Ooops, i am totally off again.
--steffen
|
|Der Kragenbaer, The moon bear,
|der holt sich munter he cheerfully and one by one
|einen nach dem anderen runter wa.ks himself off
|(By Robert Gernhardt)
More information about the openssl-users
mailing list