I see. The release tags I pushed are not signed.
On Mon, Jan 25, 2016 at 3:30 PM, Sean Busbey <[email protected]> wrote: > To date the only signing has been on release tags. AFAIK, signed tags are > only visible using "git show": > > ex: > > $ git show 1.0.0 > tag 1.0.0 > Tagger: Enis Soztutar <[email protected]> > Date: Sat Feb 21 14:32:18 2015 -0800 > > Tag 1.0.0 > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v1 > > iQIcBAABCgAGBQJU6Qd4AAoJEAhFjDnpZLX/TvkP/2qrbuvm2Fp7ifrhZ5pngApl > plrI6yWUaXIS9cFj3fvInoXZ7CvKGSs6+ixngRsQBoYHvH1Lgu8SGcPVn5wj54WJ > bnwnhlvsfp3NQ1/UuADqCYPb8xRkHdijMnCxeRyZPGR3piZSCN8MwTSsdKbIJU8u > XCyDgFVx3IEOpphCDytZu5gZ6pRnvJfm3SqAjXC86/h8eTRvMwdbV1SwePWNA5HQ > CMHUBkLm4Nw8xD0Z7AdsKb+GxeM2P/xtN+ETQI0mOXJ9aWfsDQaGsMi4DXQRBGeT > h3Q/r6lImOjBqAnMeny3JLy3OIpDhFk7ezm2L7zwzaCgCGjWOcN/G7mmJkkl/i18 > 0MKKij7CPDP3yKfkhZs1HW68FalIaJ/kTQsRHIFOR+leVrB4xnaa2bx42lkWouqC > 329qtubrGYN8jzqHSjoV5GvlAxz4tWdKz97N+WaBouzrQNkfAwkW9Kr/Cgr8XxQG > h+CxPJN8NEWdQKzEK6ibeGjCp8ULKfhuPUtIq3U/9vnFs4gtt0I6AQo5VeWxpePu > 7BO1utwlWSQExMb5ES7fbwabh26yd9ZIfELpx7Ek3HR9jCEu7rE0pneKHUEFGR0d > +hXlYua9wcKmcftu4Q1nnz+tFFtCv9uosxWRMFHN/0RAw67rQ2D/hqS4vpnNsOQF > rjvbLk7ASDRbjD15WxXj > =ef23 > -----END PGP SIGNATURE----- > > commit 6c98bff7b719efdb16f71606f3b7d8229445eb81 > Author: Enis Soztutar <[email protected]> > Date: Sat Feb 14 19:41:51 2015 -0800 > > ....SNIP... > > $ git show 1.1.2 > tag 1.1.2 > Tagger: Nick Dimiduk <[email protected]> > Date: Tue Sep 1 09:15:22 2015 -0700 > > Tag 1.1.2 > -----BEGIN PGP SIGNATURE----- > > iQIcBAABCgAGBQJV5c8aAAoJEK2QOQccNIm9wjUQAIcZLsjYEKVohQJq5Wp3ZcrD > Z8dN265BIG1/IyBvvVYDEKQljWXeb5sIYxjoE0jVkiC80IWKmRKVgmR1K+lElPyR > Jx39ea+tNUKfrVj+vGN+3xOlLsc2RT+9x9EhKL+X38ZUUD7P0bSlcQvCekYFc0Ik > 61VZDF24VXL4dvudahpOf+1mfQam9Ij4bEtwSe7tK8BSd1+FaPQKatEK5UqUAf+d > TTi3dnsoyZKOgiaSesZ6QbocBhB7h68ormnY9dowkCdr6CK/qXuNlCYNqtJx3EKQ > a0UsqbQNLimGANtO1llU8DiTbcS113z0SEiFyn4b/MuM8VtUQgMiLJx44o0ZhUB9 > GDzXXMdMM7xkJjc7mUT5kxyqwsAo+G5MtaAS2gkMeeF4l5sZ+xT+DUKWfwfVBe0D > cg4JhhbX6/O4Nis92CQTbVLfgtF/K20cph5J7JiIf7wT+vkF2sIpb04INMCF/c+D > P5XGQt8UJ+Lewiln2E56UOOjRKZdj2JXBEOkiXXFledoXuGsBHWLUi0vL6FmmsZN > nd27SSsA/4cJerV4N91ekeqJ343oc6SYYuevfiTa6TIB2I9qRn7bLBFMedlzLSvt > 0sKUgZvK3oDtOJ0N3gk+TkvXiHSBZQIpWw9H4hUXh+Vx5C+0FD+sGMSGea+md+b+ > YHyDoviUo72QtexwuS5c > =I+Z4 > -----END PGP SIGNATURE----- > ...SNIP... > > On Mon, Jan 25, 2016 at 5:22 PM, Andrew Purtell <[email protected]> > wrote: > > > I have made new refs in rel/ pointing to the same SHA as the earlier tag > > and pushed them. > > > > I don't believe any committers have or are planning to make PGP signed > > commits. I also made a quick check with 'git log' of recent release refs > > and did not find signed commits. That is a practice we could adopt. I'd > be > > supportive of that. All committers would need to do so to make it > > worthwhile. > > > > > > On Mon, Jan 25, 2016 at 3:01 PM, Sean Busbey <[email protected]> > wrote: > > > > > one question: will the new historic tags have your PGP signature rather > > > than the original RM(s)? If so, do we need to make a note of the cause > of > > > this discrepancy? > > > > > > A vote in favor of leaving the old tags: since we've been treating > > release > > > tags as permalinks (regardless of their actual mutable state), folks > are > > > likely to have links to them saved places. > > > > > > On Mon, Jan 25, 2016 at 3:26 PM, Andrew Purtell <[email protected]> > > > wrote: > > > > > > > Question: Would you like me to clean up afterward by pushing deletes > > for > > > > the soon-to-be duplicate release tags? No rush on an answer. I'll > wait > > a > > > > few days for responses to come in. > > > > > > > > On Mon, Jan 25, 2016 at 1:24 PM, Andrew Purtell <[email protected] > > > > > > wrote: > > > > > > > > > I'll be adding tags under refs/rel/ for all previous HBase releases > > > > today, > > > > > using a snapshot of HBase's Apache git repository last updated at > > > Monday > > > > > January 25 13:20:47 PST 2016. > > > > > > > > > > -- > > > > > Best regards, > > > > > > > > > > - Andy > > > > > > > > > > Problems worthy of attack prove their worth by hitting back. - Piet > > > Hein > > > > > (via Tom White) > > > > > > > > > > > > > > > > > > > > > -- > > > > Best regards, > > > > > > > > - Andy > > > > > > > > Problems worthy of attack prove their worth by hitting back. - Piet > > Hein > > > > (via Tom White) > > > > > > > > > > > > > > > > -- > > > Sean > > > > > > > > > > > -- > > Best regards, > > > > - Andy > > > > Problems worthy of attack prove their worth by hitting back. - Piet Hein > > (via Tom White) > > > > > > -- > Sean > -- Best regards, - Andy Problems worthy of attack prove their worth by hitting back. - Piet Hein (via Tom White)
