Congratulations! Missing 3.0.0 tag?

Dr Paul Dale pauli at openssl.org
Wed Sep 8 23:18:04 UTC 2021 

With the change to (almost) semantic versioning, we also decided to make 
the tags easier to type.

Pauli


On 9/9/21 9:03 am, Steffen Nurpmeso wrote:
> Benjamin Kaduk wrote in
>   <20210908222248.GX19992 at akamai.com>:
>   |On Thu, Sep 09, 2021 at 12:15:44AM +0200, Steffen Nurpmeso wrote:
>   |>
>   |> P.S.: maybe at least release commits and tags could be signed?
>   |> And/or HTTPS access to the repository ... but then i get the gut
>   |> feeling that the answer to this will be "use github" or something.
>   |
>   |tag openssl-3.0.0
>   |Tagger: Richard Levitte <richard at levitte.org>
>   |Date:   Tue Sep 7 13:46:40 2021 +0200
>   |
>   |OpenSSL 3.0.0 release tag
>   |-----BEGIN PGP SIGNATURE-----
>   |
>   |iFwEABECAB0WIQTEyrdJw09/TMBP2smnr5549wlFOwUCYTdRIAAKCRCnr5549wlF
>   |O7wEAJ90wRuQnQYdf7RrzD7p2tf2eZhP4QCXeXX3a1IgbIgfU7WuLZ44BbXF7w==
>   |=pGf9
>   |-----END PGP SIGNATURE-----
>   |
>   |looks signed to me.
>
> That is really interesting now.
> If i use "git show openssl-3.0.0" i see this myself.
>
>    tag openssl-3.0.0
>    Tagger:     Richard Levitte <richard at levitte.org>
>    TaggerDate: 2021-09-07 13:46:40 +0200
>
>    OpenSSL 3.0.0 release tag
>    -----BEGIN PGP SIGNATURE-----
>
>    iFwEABECAB0WIQTEyrdJw09/TMBP2smnr5549wlFOwUCYTdRIAAKCRCnr5549wlF
>    O7wEAJ90wRuQnQYdf7RrzD7p2tf2eZhP4QCXeXX3a1IgbIgfU7WuLZ44BbXF7w==
>    =pGf9
>    -----END PGP SIGNATURE-----
>
>    commit 89cd17a031 (tag: refs/tags/openssl-3.0.0)
>    ...
>
> But if i use
>
>    #?0|kent:tls-openssl.git$ alias gl1
>    alias gl1='git slpn -1'
>    #?0|kent:tls-openssl.git$ git alias|grep slpn
>    alias.slpn log --show-signature --patch --find-renames --stat --no-abbrev-commit
>    #?0|kent:tls-openssl.git$ gl1 openssl-3.0.0
>    commit 89cd17a031e022211684eb7eb41190cf1910f9fa (tag: refs/tags/openssl-3.0.0)
>    ...
>
> i do not.  Hm, maybe i need to relearn git again, looking around
> i see a couple of projects for which this is true (Linux,
> wireguard-tools), for others it is not (my own project, nghttp2).
> Eg "alias.slo log --show-signature --oneline --graph":
>
>    #?141|kent:nail.git$ git slo -1 master
>    Reading passphrase from file descriptor 4
>    * 69be61071c (...) gpg: Signature made Wed 01 Sep 2021 01:19:46 PM CEST
>    | gpg:                using RSA key DF082F6AEEC8C2FF
>    | gpg: Good signature from "Steffen Nurpmeso <steffen at sdaoden.eu>"
>    | gpg: WARNING: This key is not certified with a trusted signature!
>    | gpg:          There is no indication that the signature belongs to the owner.
>    | Primary key fingerprint: EE19 E1C1 F2F7 054F 8D39  54D8 3089 64B5 1883 A0DD
>    |      Subkey fingerprint: 8A2A 4D60 9FDC 539C 75F5  5B95 DF08 2F6A EEC8 C2FF
>    | Clear an installed alarm(2) in fork(2)ed childs (Stephen Isard)
>
>    #?0|kent:nghttp2.git$ git slo -1 fcc20334da
>    Reading passphrase from file descriptor 4
>    *   fcc20334da gpg: Signature made Sat 04 Sep 2021 10:26:47 AM CEST
>    |\  gpg:                using RSA key 4AEE18F83AFDEB23
>    | | gpg: Can't check signature: public key not found
>    | | Merge pull request #1613 from mkauf/check_pseudo_header_chars
>
>    #?0|kent:wireguard-tools.git$ git slo -1 v1.0.20210424
>    * ecb1ea29d7 (tag: refs/tags/v1.0.20210424) version: bump
>
>    #?128|kent:linux.git$ git slo -1 v5.10.62
>    * f6dd002450 (tag: refs/tags/v5.10.62, refs/remotes/origin/linux-5.10.y) Linux 5.10.62
>
> Ooops, i am totally off again.
>
> --steffen
> |
> |Der Kragenbaer,                The moon bear,
> |der holt sich munter           he cheerfully and one by one
> |einen nach dem anderen runter  wa.ks himself off
> |(By Robert Gernhardt)
>

More information about the openssl-users mailing list