On Wed, Mar 22, 2017 at 02:11:56PM +0100, David Sommerseth wrote: > On 22/03/17 10:07, Samuli Seppänen wrote: > > On 20/03/2017 17:13, debbie10t wrote: > >> Hi > >> > >> just so this does not get forgotten about: > >> > >> @dazo | slypknot: https://github.com/OpenVPN/openvpn-build > >> @dazo | I see that there are no tags with the I60x indicator ... > >> that could probably be something mattock should consider to add > >> @cron2 | true > >> > >> Regards > >> > > > > For openvpn-build I have not added release tags, as the commit message > > usually contains the necessary information. For example: > > > > --- > > > > commit 23d42200f282d2fcdc57bd4262d1fffc0832c7ff > > Author: Samuli Seppänen <sam...@openvpn.net> > > Date: Tue Dec 27 12:31:39 2016 +0000 > > > > Update build parameters to match openvpn-install-2.4.0 > > > > Signed-off-by: Samuli Seppänen <sam...@openvpn.net> > > > > --- > > > > Adding a tag per installer release is not a big deal, though, if we have > > a use-case for it. > > Currently we do not have anything providing a guaranteed match between > openvpn-install-2.x.y-I60z and a particular git commit. This helps > understanding what a release really contains, especially if you have > more commits in a release. Then you just do: > > $ git shortlog v2.4.0-I601..v2.4.0-I602
I like this too - makes it really easy to revise what was changed between two releases/tarballs. It's basically one little step more to perform when creating the tarball. > > Another aspect is when you do signed commits (git tag -s), then the tag > is "cryptographically bound" to a particular git commit. That is > incredibly hard to manipulate. If the branch itself is modified the > committish will change, thus there will be a mismatch between the branch > committis and the commit the tag points at. In fact, if you do a git > checkout using the tag name, you will most likely get the correct commit > checked out and not the manipulated one. > +1 on signing the tags - this increases the confidence in the code somebody is downloading. Manipulations are found immediately (unless done voluntarily by the committer). All in all, I think it would be worth adding these small steps, as git makes them really easy to be performed. my 2 cents. Cheers, > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > Openvpn-devel mailing list > Openvpn-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openvpn-devel -- Antonio Quartulli
signature.asc
Description: Digital signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel