wu-sheng commented on PR #8: URL: https://github.com/apache/skywalking-php/pull/8#issuecomment-1237742582
> > The issue would be how should we call that. The RC binary should be built and signed by release manager manually, that is ASF release policy. > > Yes, maybe it's not necessary to build artifacts by tag event, or only build the package, not the sign. The signed and later operations must be handle manually. This is not very good practice. Maybe acceptable only? Because you should only sign a thing built manually rather than from a 3rd party. Such as one day, if GitHub mixed some things as CI is not a hard-protected env(or may be hacked), then we signed and released a totally unexpected binary. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. To unsubscribe, e-mail: notifications-unsubscr...@skywalking.apache.org For queries about this service, please contact Infrastructure at: us...@infra.apache.org
