Congratulations! Missing 3.0.0 tag?

Steffen Nurpmeso steffen at sdaoden.eu
Thu Sep 9 19:25:47 UTC 2021 

Randall S. Becker wrote in
 <012201d7a590$56df08d0$049d1a70$@nexbridge.com>:
 |On September 9, 2021 6:56 AM, Steffen Nurpmeso wrote:
 |>Benjamin Kaduk wrote in
 |> <20210908233639.GY19992 at akamai.com>:
 |>|On Thu, Sep 09, 2021 at 01:03:28AM +0200, Steffen Nurpmeso wrote:
 ...
 |>|I think (off the top of my head, i.e., without consulting a reference) \
 |>| |that `git log` (which your aliases end up at) will only
 |display
 |>|signatures on commits, but will not show the tag objects themselves.
 |>|`git show` does display the tag object, and for openssl only the \
 |>|tag  |object is what is signed; the commits themselves are not
 |signed.
 |>
 |>I see.  That is a logical one, thanks for the explanation.
 ...
 |$ git tag --verify openssl-3.0.0

Yes yes, ok!  But like i said, wouldn't it be nice if at least
release commits would be signed also, a.k.a./or when a new branch
is created?  In Linux for example the merge commits to the master
branch are signed, in addition to the tags of the actual releases.
It may even be a deja vu and i may have clamoured in the past.

 ...
 |Although I do not have Richard's public key on the system where I ran \
 |the command and GitHub is not showing the verification status
 |of the tag.

I do not know much about github.

In fact i did not even know that the Linux release commits are
_not_ signed, because if i look (what do _i_ know from the
kernel?) then i only look at master, and there you see signed
commits.  And since my url= is https i do not actually verify
tags.  (In fact it is automated and simply diff(1)s in the
difference to the version stated in the Makefile in
/usr/src/linux/.)  But true, the last merge before Linux 5.14 was
signed, but the creation of the linux-5.14.y branch not.
Ach, forget about the noise, i hope next time i finally have my
head turned on before i post :)

Thank you.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)

More information about the openssl-users mailing list